1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "networkvpn_service.h"
17
18 #include <cerrno>
19 #include <ctime>
20 #include <fcntl.h>
21 #include <sys/socket.h>
22 #include <sys/stat.h>
23 #include <sys/types.h>
24 #include <sys/un.h>
25 #include <unistd.h>
26 #include <string>
27 #include <fstream>
28 #include <thread>
29
30 #include "ipc_skeleton.h"
31 #include "securec.h"
32 #include "system_ability_definition.h"
33 #include "iservice_registry.h"
34 #include "parameters.h"
35
36 #include "ability_manager_client.h"
37 #include "extended_vpn_ctl.h"
38 #include "net_event_report.h"
39 #include "net_manager_center.h"
40 #include "net_manager_constants.h"
41 #include "net_manager_ext_constants.h"
42 #include "netmanager_base_permission.h"
43 #include "netmgr_ext_log_wrapper.h"
44 #include "netsys_controller.h"
45 #include "networkvpn_hisysevent.h"
46 #include "net_datashare_utils_iface.h"
47 #ifdef SUPPORT_SYSVPN
48 #include "ipsec_vpn_ctl.h"
49 #include "l2tp_vpn_ctl.h"
50 #include "open_vpn_ctl.h"
51 #include "vpn_data_bean.h"
52 #include "multi_vpn_helper.h"
53 #include "vpn_template_processor.h"
54 #endif // SUPPORT_SYSVPN
55
56 namespace OHOS {
57 namespace NetManagerStandard {
58 constexpr int32_t USER_ID_DIVIDOR = 200000;
59 constexpr int32_t MAX_CALLBACK_COUNT = 128;
60 constexpr const char *NET_ACTIVATE_WORK_THREAD = "VPN_CALLBACK_WORK_THREAD";
61 constexpr const char* VPN_CONFIG_FILE = "/data/service/el1/public/netmanager/vpn_config.json";
62 constexpr const char* VPN_EXTENSION_LABEL = ":vpn";
63 constexpr uint32_t MAX_GET_SERVICE_COUNT = 30;
64 constexpr uint32_t WAIT_FOR_SERVICE_TIME_S = 1;
65 constexpr uint32_t UID_NET_SYS_NATIVE = 1098;
66 constexpr const char *VPNEXT_MODE_URI =
67 "datashare:///com.ohos.settingsdata/entry/settingsdata/SETTINGSDATA?Proxy=true&key=vpnext_mode";
68
69 const bool REGISTER_LOCAL_RESULT_NETVPN =
70 SystemAbility::MakeAndRegisterAbility(DelayedSingleton<NetworkVpnService>::GetInstance().get());
71
72 constexpr const int INVALID_CODE = -1;
73 const std::vector<std::string> ACCESS_PERMISSION {"ohos.permission.GET_NETWORK_INFO"};
74 constexpr const char *const PARAM_KEY_STATE = "state";
75 constexpr const char *const COMMON_EVENT_VPN_CONNECT_STATUS_VALUE =
76 "usual.event.VPN_CONNECTION_STATUS_CHANGED";
77
78 constexpr const char* const PERMISSION_MANAGE_EDM_POLICY = "ohos.permission.MANAGE_EDM_POLICY";
79
NetworkVpnService()80 NetworkVpnService::NetworkVpnService() : SystemAbility(COMM_VPN_MANAGER_SYS_ABILITY_ID, true) {}
~NetworkVpnService()81 NetworkVpnService::~NetworkVpnService()
82 {
83 {
84 std::lock_guard<std::mutex> autoLock(cesMutex_);
85 if (subscriber_ != nullptr) {
86 EventFwk::CommonEventManager::UnSubscribeCommonEvent(subscriber_);
87 }
88 }
89 RemoveALLClientDeathRecipient();
90 }
91
OnStart()92 void NetworkVpnService::OnStart()
93 {
94 if (state_ == STATE_RUNNING) {
95 NETMGR_EXT_LOG_D("OnStart Vpn Service state is already running");
96 return;
97 }
98 if (!Init()) {
99 NETMGR_EXT_LOG_E("OnStart Vpn init failed");
100 VpnHisysEvent::SendFaultEvent(VpnEventType::TYPE_UNKNOWN, VpnEventOperator::OPERATION_START_SA,
101 VpnEventErrorType::ERROR_INTERNAL_ERROR, "Start Vpn Service failed");
102 return;
103 }
104 state_ = STATE_RUNNING;
105 NETMGR_EXT_LOG_I("OnStart vpn successful");
106 }
107
OnStop()108 void NetworkVpnService::OnStop()
109 {
110 state_ = STATE_STOPPED;
111 isServicePublished_ = false;
112
113 NETMGR_EXT_LOG_I("OnStop vpn successful");
114 }
115
Dump(int32_t fd,const std::vector<std::u16string> & args)116 int32_t NetworkVpnService::Dump(int32_t fd, const std::vector<std::u16string> &args)
117 {
118 std::string result;
119 GetDumpMessage(result);
120 NETMGR_EXT_LOG_I("Vpn dump fd: %{public}d, content: %{public}s", fd, result.c_str());
121 int32_t ret = dprintf(fd, "%s\n", result.c_str());
122 if (ret < 0) {
123 NETMGR_EXT_LOG_E("dprintf failed, errno[%{public}d]", errno);
124 return NETMANAGER_EXT_ERR_INTERNAL;
125 }
126 return NETMANAGER_EXT_SUCCESS;
127 }
128
Init()129 bool NetworkVpnService::Init()
130 {
131 if (!REGISTER_LOCAL_RESULT_NETVPN) {
132 NETMGR_EXT_LOG_E("Register to local sa manager failed");
133 return false;
134 }
135 networkVpnServiceFfrtQueue_ = std::make_shared<ffrt::queue>("NetworkVpnService");
136 if (!networkVpnServiceFfrtQueue_) {
137 NETMGR_EXT_LOG_E("FFRT Create Fail");
138 return false;
139 }
140 if (!isServicePublished_) {
141 if (!Publish(DelayedSingleton<NetworkVpnService>::GetInstance().get())) {
142 NETMGR_EXT_LOG_E("Register to sa manager failed");
143 return false;
144 }
145 isServicePublished_ = true;
146 }
147
148 AddSystemAbilityListener(COMM_NETSYS_NATIVE_SYS_ABILITY_ID);
149 AddSystemAbilityListener(COMMON_EVENT_SERVICE_ID);
150
151 SubscribeCommonEvent();
152 if (!vpnConnCallback_) {
153 vpnConnCallback_ = std::make_shared<VpnConnStateCb>(*this);
154 }
155
156 vpnHapObserver_ = new VpnHapObserver(*this);
157 RegisterFactoryResetCallback();
158 return true;
159 }
160
GetDumpMessage(std::string & message)161 void NetworkVpnService::GetDumpMessage(std::string &message)
162 {
163 std::unique_lock<std::mutex> locker(netVpnMutex_);
164 message.append("Net Vpn Info:\n");
165 if (vpnObj_ != nullptr) {
166 const auto &config = vpnObj_->GetVpnConfig();
167 std::string isLegacy = (config->isLegacy_) ? "true" : "false";
168 message.append("\tisLegacy: " + isLegacy + "\n");
169 message.append("\tPackageName: " + vpnObj_->GetVpnPkg() + "\n");
170 message.append("\tinterface: " + vpnObj_->GetInterfaceName() + "\n");
171 message.append("\tstate: connected\n");
172 } else {
173 message.append("\tstate: disconnected\n");
174 }
175 message.append("\tend.\n");
176 }
177
PublishEvent(const OHOS::AAFwk::Want & want,int eventCode,bool isOrdered,bool isSticky,const std::vector<std::string> & permissions) const178 bool NetworkVpnService::PublishEvent(const OHOS::AAFwk::Want &want, int eventCode,
179 bool isOrdered, bool isSticky, const std::vector<std::string> &permissions) const
180 {
181 OHOS::EventFwk::CommonEventData data;
182 data.SetWant(want);
183 if (eventCode != INVALID_CODE) {
184 data.SetCode(eventCode);
185 }
186 OHOS::EventFwk::CommonEventPublishInfo publishInfo;
187 publishInfo.SetOrdered(isOrdered);
188 // sticky tag: EventFwk would keep last event for later subscriber.
189 publishInfo.SetSticky(isSticky);
190 if (permissions.size() > 0) {
191 publishInfo.SetSubscriberPermissions(permissions);
192 }
193 bool publishResult = OHOS::EventFwk::CommonEventManager::PublishCommonEvent(data, publishInfo);
194 return publishResult;
195 }
196
PublishVpnConnectionStateEvent(const VpnConnectState & state) const197 void NetworkVpnService::PublishVpnConnectionStateEvent(const VpnConnectState &state) const
198 {
199 if (userId_ == 0) {
200 NETMGR_EXT_LOG_D("sys user0 do not notify vpn status.");
201 return;
202 }
203 OHOS::AAFwk::Want want;
204 want.SetAction(COMMON_EVENT_VPN_CONNECT_STATUS_VALUE);
205 want.SetParam(PARAM_KEY_STATE, (state == VpnConnectState::VPN_CONNECTED) ? 1 : 0);
206 if (!PublishEvent(want, INVALID_CODE, false, true, ACCESS_PERMISSION)) {
207 NETMGR_EXT_LOG_I("Publish vpn connection state fail.");
208 }
209 }
210
OnVpnConnStateChanged(const VpnConnectState & state)211 void NetworkVpnService::VpnConnStateCb::OnVpnConnStateChanged(const VpnConnectState &state)
212 {
213 NETMGR_EXT_LOG_I("receive new vpn connect state[%{public}d].", static_cast<uint32_t>(state));
214 if (!vpnService_.networkVpnServiceFfrtQueue_) {
215 NETMGR_EXT_LOG_E("FFRT Create Fail");
216 return;
217 }
218 #ifdef SUPPORT_SYSVPN
219 if (state == VpnConnectState::VPN_DISCONNECTED) {
220 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
221 int32_t uid = IPCSkeleton::GetCallingUid();
222 if (AccountSA::OsAccountManager::GetOsAccountLocalIdFromUid(uid, userId) != ERR_OK) {
223 NETMGR_EXT_LOG_E("GetOsAccountLocalIdFromUid error, uid: %{public}d.", uid);
224 return;
225 }
226 for (const auto &[name, vpn] : vpnService_.vpnObjMap_) {
227 if (vpn == nullptr || vpn->multiVpnInfo_ == nullptr) {
228 continue;
229 }
230 if (vpn->multiVpnInfo_->userId == userId &&
231 vpn->multiVpnInfo_->vpnConnectState == VpnConnectState::VPN_CONNECTED) {
232 NETMGR_EXT_LOG_I("OnVpnConnStateChanged :: other vpn is connnected");
233 return;
234 }
235 }
236 }
237 #endif // SUPPORT_SYSVPN
238 vpnService_.PublishVpnConnectionStateEvent(state);
239 std::function<void()> OnVpnConnStateChangedFunction = [this, &state]() {
240 std::for_each(vpnService_.vpnEventCallbacks_.begin(), vpnService_.vpnEventCallbacks_.end(),
241 [&state](const auto &callback) {
242 bool isConnected = (VpnConnectState::VPN_CONNECTED == state) ? true : false;
243 callback->OnVpnStateChanged(isConnected);
244 });
245 };
246 ffrt::task_handle OnVpnConnStateTask =
247 vpnService_.networkVpnServiceFfrtQueue_->submit_h(OnVpnConnStateChangedFunction,
248 ffrt::task_attr().name("OnVpnConnStateChanged"));
249 vpnService_.networkVpnServiceFfrtQueue_->wait(OnVpnConnStateTask);
250 }
251
OnMultiVpnConnStateChanged(const VpnConnectState & state,const std::string & vpnId)252 void NetworkVpnService::VpnConnStateCb::OnMultiVpnConnStateChanged(const VpnConnectState &state,
253 const std::string &vpnId)
254 {
255 #ifdef SUPPORT_SYSVPN
256 NETMGR_EXT_LOG_I("receive new multi vpn connect state[%{public}d].", static_cast<uint32_t>(state));
257 if (!vpnService_.networkVpnServiceFfrtQueue_) {
258 NETMGR_EXT_LOG_E("FFRT Create Fail");
259 return;
260 }
261 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
262 if (AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId) != ERR_OK) {
263 NETMGR_EXT_LOG_E("GetForegroundOsAccountLocalId error");
264 return;
265 }
266 std::function<void()> OnVpnConnStateChangedFunction = [this, &state, userId, vpnId]() {
267 std::for_each(vpnService_.multiVpnEventCallbacks_.begin(), vpnService_.multiVpnEventCallbacks_.end(),
268 [&state, userId, vpnId](const auto &callback) {
269 if (callback->userId == userId) {
270 bool isConnected = (VpnConnectState::VPN_CONNECTED == state) ? true : false;
271 callback->callback->OnMultiVpnStateChanged(isConnected, callback->bundleName, vpnId);
272 }
273 });
274 };
275 ffrt::task_handle OnVpnConnStateTask =
276 vpnService_.networkVpnServiceFfrtQueue_->submit_h(OnVpnConnStateChangedFunction,
277 ffrt::task_attr().name("OnVpnConnStateChanged"));
278 vpnService_.networkVpnServiceFfrtQueue_->wait(OnVpnConnStateTask);
279 #endif // SUPPORT_SYSVPN
280 }
281
OnVpnMultiUserSetUp()282 void NetworkVpnService::OnVpnMultiUserSetUp()
283 {
284 NETMGR_EXT_LOG_I("user multiple execute set up.");
285 if (!networkVpnServiceFfrtQueue_) {
286 NETMGR_EXT_LOG_E("FFRT Create Fail");
287 return;
288 }
289 std::function<void()> OnVpnMultiUserSetUpFunction = [this]() {
290 std::for_each(vpnEventCallbacks_.begin(), vpnEventCallbacks_.end(),
291 [](const auto &callback) { callback->OnVpnMultiUserSetUp(); });
292 };
293 ffrt::task_handle OnVpnMultiUserSetUpTask =
294 networkVpnServiceFfrtQueue_->submit_h(OnVpnMultiUserSetUpFunction,
295 ffrt::task_attr().name("OnVpnMultiUserSetUp"));
296 networkVpnServiceFfrtQueue_->wait(OnVpnMultiUserSetUpTask);
297 }
298
CheckIpcPermission(const std::string & strPermission)299 int32_t NetworkVpnService::CheckIpcPermission(const std::string &strPermission)
300 {
301 if (!NetManagerPermission::IsSystemCaller()) {
302 NETMGR_EXT_LOG_E("is not system call");
303 return NETMANAGER_ERR_NOT_SYSTEM_CALL;
304 }
305 if (!strPermission.empty() && !NetManagerPermission::CheckPermission(strPermission)) {
306 NETMGR_EXT_LOG_E("Permission denied permission: %{public}s", strPermission.c_str());
307 return NETMANAGER_ERR_PERMISSION_DENIED;
308 }
309 return NETMANAGER_SUCCESS;
310 }
311
Prepare(bool & isExistVpn,bool & isRun,std::string & pkg)312 int32_t NetworkVpnService::Prepare(bool &isExistVpn, bool &isRun, std::string &pkg)
313 {
314 std::string vpnBundleName = GetBundleName();
315 if (!CheckSystemCall(vpnBundleName)) {
316 return NETMANAGER_ERR_NOT_SYSTEM_CALL;
317 }
318 if (!CheckVpnPermission(vpnBundleName)) {
319 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
320 }
321 std::unique_lock<std::mutex> locker(netVpnMutex_);
322 isRun = false;
323 isExistVpn = false;
324 if (vpnObj_ != nullptr) {
325 isExistVpn = true;
326 isRun = vpnObj_->IsVpnConnecting();
327 pkg = vpnObj_->GetVpnPkg();
328 }
329 NETMGR_EXT_LOG_I("NetworkVpnService Prepare successfully");
330 return NETMANAGER_EXT_SUCCESS;
331 }
332
ConvertStringToConfig(sptr<VpnConfig> & vpnCfg,const cJSON * const doc)333 void NetworkVpnService::ConvertStringToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc)
334 {
335 cJSON *dnsAddr = cJSON_GetObjectItem(doc, "dnsAddresses");
336 if (dnsAddr != nullptr && cJSON_IsArray(dnsAddr)) {
337 for (int32_t i = 0; i < cJSON_GetArraySize(dnsAddr); i++) {
338 cJSON *item = cJSON_GetArrayItem(dnsAddr, i);
339 if (cJSON_IsString(item)) {
340 std::string mem = cJSON_GetStringValue(item);
341 vpnCfg->dnsAddresses_.push_back(mem);
342 }
343 }
344 }
345 cJSON *sDomain = cJSON_GetObjectItem(doc, "searchDomains");
346 if (sDomain != nullptr && cJSON_IsArray(sDomain)) {
347 for (int32_t i = 0; i < cJSON_GetArraySize(sDomain); i++) {
348 cJSON *item = cJSON_GetArrayItem(sDomain, i);
349 if (cJSON_IsString(item)) {
350 std::string mem = cJSON_GetStringValue(item);
351 vpnCfg->searchDomains_.push_back(mem);
352 }
353 }
354 }
355 cJSON *acceptApp = cJSON_GetObjectItem(doc, "acceptedApplications");
356 if (acceptApp != nullptr && cJSON_IsArray(acceptApp)) {
357 for (int32_t i = 0; i < cJSON_GetArraySize(acceptApp); i++) {
358 cJSON *item = cJSON_GetArrayItem(acceptApp, i);
359 if (cJSON_IsString(item)) {
360 std::string mem = cJSON_GetStringValue(item);
361 NETMGR_EXT_LOG_D("acceptApp = %{public}s", mem.c_str());
362 vpnCfg->acceptedApplications_.push_back(mem);
363 }
364 }
365 }
366 cJSON *refusedApp = cJSON_GetObjectItem(doc, "refusedApplications");
367 if (refusedApp != nullptr && cJSON_IsArray(refusedApp)) {
368 for (int32_t i = 0; i < cJSON_GetArraySize(refusedApp); i++) {
369 cJSON *item = cJSON_GetArrayItem(refusedApp, i);
370 if (cJSON_IsString(item)) {
371 std::string mem = cJSON_GetStringValue(item);
372 NETMGR_EXT_LOG_D("refusedApp = %{public}s", mem.c_str());
373 vpnCfg->refusedApplications_.push_back(mem);
374 }
375 }
376 }
377 }
378
ConvertNetAddrToConfig(INetAddr & tmp,const cJSON * const mem)379 void NetworkVpnService::ConvertNetAddrToConfig(INetAddr& tmp, const cJSON* const mem)
380 {
381 cJSON *type = cJSON_GetObjectItem(mem, "type");
382 if (type != nullptr && cJSON_IsNumber(type)) {
383 tmp.type_ = static_cast<int32_t>(cJSON_GetNumberValue(type));
384 NETMGR_EXT_LOG_D("type = %{public}d", tmp.type_);
385 }
386 cJSON *family = cJSON_GetObjectItem(mem, "family");
387 if (family != nullptr && cJSON_IsNumber(family)) {
388 tmp.family_ = static_cast<int32_t>(cJSON_GetNumberValue(family));
389 NETMGR_EXT_LOG_D("family = %{public}d", tmp.family_);
390 }
391 cJSON *prefixlen = cJSON_GetObjectItem(mem, "prefixlen");
392 if (prefixlen != nullptr && cJSON_IsNumber(prefixlen)) {
393 tmp.prefixlen_ = static_cast<int32_t>(cJSON_GetNumberValue(prefixlen));
394 NETMGR_EXT_LOG_D("prefixlen = %{public}d", tmp.prefixlen_);
395 }
396 cJSON *address = cJSON_GetObjectItem(mem, "address");
397 if (address != nullptr && cJSON_IsString(address)) {
398 tmp.address_ = cJSON_GetStringValue(address);
399 }
400 cJSON *netMask = cJSON_GetObjectItem(mem, "netMask");
401 if (netMask != nullptr && cJSON_IsString(netMask)) {
402 tmp.netMask_ = cJSON_GetStringValue(netMask);
403 NETMGR_EXT_LOG_D("netMask = %{public}s", tmp.netMask_.c_str());
404 }
405 cJSON *hostName = cJSON_GetObjectItem(mem, "hostName");
406 if (hostName != nullptr && cJSON_IsString(hostName)) {
407 tmp.hostName_ = cJSON_GetStringValue(hostName);
408 }
409 cJSON *port = cJSON_GetObjectItem(mem, "port");
410 if (port != nullptr && cJSON_IsNumber(port)) {
411 tmp.port_ = static_cast<int32_t>(cJSON_GetNumberValue(port));
412 NETMGR_EXT_LOG_D("port = %{public}d", tmp.port_);
413 }
414 }
415
ConvertVecAddrToConfig(sptr<VpnConfig> & vpnCfg,const cJSON * const doc)416 void NetworkVpnService::ConvertVecAddrToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc)
417 {
418 cJSON *addresses = cJSON_GetObjectItem(doc, "addresses");
419 if (addresses != nullptr && cJSON_IsArray(addresses)) {
420 uint32_t itemSize = cJSON_GetArraySize(addresses);
421 for (uint32_t i = 0; i < itemSize; i++) {
422 cJSON *item = cJSON_GetArrayItem(addresses, i);
423 if (cJSON_IsObject(item)) {
424 INetAddr tmp;
425 ConvertNetAddrToConfig(tmp, item);
426 vpnCfg->addresses_.push_back(tmp);
427 }
428 }
429 }
430 }
431
ConvertRouteToConfig(Route & tmp,const cJSON * const mem)432 void NetworkVpnService::ConvertRouteToConfig(Route& tmp, const cJSON* const mem)
433 {
434 cJSON *iface = cJSON_GetObjectItem(mem, "iface");
435 if (iface != nullptr && cJSON_IsString(iface)) {
436 tmp.iface_ = cJSON_GetStringValue(iface);
437 NETMGR_EXT_LOG_D("iface = %{public}s", tmp.iface_.c_str());
438 }
439 cJSON *rtnType = cJSON_GetObjectItem(mem, "rtnType");
440 if (rtnType != nullptr && cJSON_IsNumber(rtnType)) {
441 tmp.rtnType_ = cJSON_GetNumberValue(rtnType);
442 NETMGR_EXT_LOG_D("rtnType = %{public}d", tmp.rtnType_);
443 }
444 cJSON *mtu = cJSON_GetObjectItem(mem, "mtu");
445 if (mtu != nullptr && cJSON_IsNumber(mtu)) {
446 tmp.mtu_ = cJSON_GetNumberValue(mtu);
447 NETMGR_EXT_LOG_D("mtu = %{public}d", tmp.mtu_);
448 }
449 cJSON *isHost = cJSON_GetObjectItem(mem, "isHost");
450 if (isHost != nullptr && cJSON_IsBool(isHost)) {
451 tmp.isHost_ = cJSON_IsTrue(isHost) ? true : false;
452 NETMGR_EXT_LOG_D("isHost = %{public}d", tmp.isHost_);
453 }
454 cJSON *hasGateway = cJSON_GetObjectItem(mem, "hasGateway");
455 if (hasGateway != nullptr && cJSON_IsBool(hasGateway)) {
456 tmp.hasGateway_ = cJSON_IsTrue(hasGateway) ? true : false;
457 NETMGR_EXT_LOG_D("hasGateway_ = %{public}d", tmp.hasGateway_);
458 }
459 cJSON *isDefaultRoute = cJSON_GetObjectItem(mem, "isDefaultRoute");
460 if (isDefaultRoute != nullptr && cJSON_IsBool(isDefaultRoute)) {
461 tmp.isDefaultRoute_ = cJSON_IsTrue(isDefaultRoute) ? true : false;
462 NETMGR_EXT_LOG_D("isDefaultRoute_ = %{public}d", tmp.isDefaultRoute_);
463 }
464 cJSON *destination = cJSON_GetObjectItem(mem, "destination");
465 if (destination != nullptr && cJSON_IsObject(destination)) {
466 INetAddr tmpINet;
467 ConvertNetAddrToConfig(tmpINet, destination);
468 tmp.destination_ = tmpINet;
469 }
470 cJSON *gateway = cJSON_GetObjectItem(mem, "gateway");
471 if (gateway != nullptr && cJSON_IsObject(gateway)) {
472 INetAddr tmpINet;
473 ConvertNetAddrToConfig(tmpINet, gateway);
474 tmp.gateway_ = tmpINet;
475 }
476 }
477
ConvertVecRouteToConfig(sptr<VpnConfig> & vpnCfg,const cJSON * const doc)478 void NetworkVpnService::ConvertVecRouteToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc)
479 {
480 cJSON *routes = cJSON_GetObjectItem(doc, "routes");
481 if (routes != nullptr && cJSON_IsArray(routes)) {
482 uint32_t itemSize = cJSON_GetArraySize(routes);
483 for (uint32_t i = 0; i < itemSize; i++) {
484 cJSON *item = cJSON_GetArrayItem(routes, i);
485 if (cJSON_IsObject(item)) {
486 Route tmp;
487 ConvertRouteToConfig(tmp, item);
488 vpnCfg->routes_.push_back(tmp);
489 }
490 }
491 }
492 }
493
ParseJsonToConfig(sptr<VpnConfig> & vpnCfg,const std::string & jsonString)494 void NetworkVpnService::ParseJsonToConfig(sptr<VpnConfig> &vpnCfg, const std::string& jsonString)
495 {
496 cJSON *doc = cJSON_Parse(jsonString.c_str());
497 if (doc == nullptr) {
498 NETMGR_EXT_LOG_E("jsonString parse failed!");
499 return;
500 }
501 cJSON *mtu = cJSON_GetObjectItem(doc, "mtu");
502 if (mtu != nullptr && cJSON_IsNumber(mtu)) {
503 vpnCfg->mtu_ = cJSON_GetNumberValue(mtu);
504 NETMGR_EXT_LOG_D("mtu = %{public}d", vpnCfg->mtu_);
505 }
506 cJSON *isAcceptIPv4 = cJSON_GetObjectItem(doc, "isAcceptIPv4");
507 if (isAcceptIPv4 != nullptr && cJSON_IsBool(isAcceptIPv4)) {
508 vpnCfg->isAcceptIPv4_ = cJSON_IsTrue(isAcceptIPv4);
509 NETMGR_EXT_LOG_D("isAcceptIPv4 = %{public}d", vpnCfg->isAcceptIPv4_);
510 }
511 cJSON *isAcceptIPv6 = cJSON_GetObjectItem(doc, "isAcceptIPv6");
512 if (isAcceptIPv6 != nullptr && cJSON_IsBool(isAcceptIPv6)) {
513 vpnCfg->isAcceptIPv6_ = cJSON_IsTrue(isAcceptIPv6);
514 NETMGR_EXT_LOG_D("isAcceptIPv6 = %{public}d", vpnCfg->isAcceptIPv6_);
515 }
516 cJSON *isLegacy = cJSON_GetObjectItem(doc, "isLegacy");
517 if (isLegacy != nullptr && cJSON_IsBool(isLegacy)) {
518 vpnCfg->isLegacy_ = cJSON_IsTrue(isLegacy);
519 NETMGR_EXT_LOG_D("isLegacy = %{public}d", vpnCfg->isLegacy_);
520 }
521 cJSON *isMetered = cJSON_GetObjectItem(doc, "isMetered");
522 if (isMetered != nullptr && cJSON_IsBool(isMetered)) {
523 vpnCfg->isMetered_ = cJSON_IsTrue(isMetered);
524 NETMGR_EXT_LOG_D("isMetered = %{public}d", vpnCfg->isMetered_);
525 }
526 cJSON *isBlocking = cJSON_GetObjectItem(doc, "isBlocking");
527 if (isBlocking != nullptr && cJSON_IsBool(isBlocking)) {
528 vpnCfg->isBlocking_ = cJSON_IsTrue(isBlocking);
529 NETMGR_EXT_LOG_D("isBlocking = %{public}d", vpnCfg->isBlocking_);
530 }
531
532 ConvertStringToConfig(vpnCfg, doc);
533
534 ConvertVecAddrToConfig(vpnCfg, doc);
535
536 ConvertVecRouteToConfig(vpnCfg, doc);
537
538 cJSON_Delete(doc);
539 }
540
RecoverVpnConfig()541 void NetworkVpnService::RecoverVpnConfig()
542 {
543 sptr<VpnConfig> vpnCfg = new VpnConfig();
544 std::ifstream ifs(VPN_CONFIG_FILE);
545 if (!ifs) {
546 NETMGR_EXT_LOG_D("file don't exist, don't need recover");
547 return;
548 }
549 std::string jsonString;
550 std::getline(ifs, jsonString);
551 ParseJsonToConfig(vpnCfg, jsonString);
552 SetUpVpn(*vpnCfg);
553 }
554
ConvertNetAddrToJson(const INetAddr & netAddr,cJSON * jInetAddr)555 void NetworkVpnService::ConvertNetAddrToJson(const INetAddr& netAddr, cJSON* jInetAddr)
556 {
557 cJSON_AddItemToObject(jInetAddr, "type", cJSON_CreateNumber(netAddr.type_));
558 cJSON_AddItemToObject(jInetAddr, "family", cJSON_CreateNumber(netAddr.family_));
559 cJSON_AddItemToObject(jInetAddr, "prefixlen", cJSON_CreateNumber(netAddr.prefixlen_));
560 cJSON_AddItemToObject(jInetAddr, "address", cJSON_CreateString(netAddr.address_.c_str()));
561 cJSON_AddItemToObject(jInetAddr, "netMask", cJSON_CreateString(netAddr.netMask_.c_str()));
562 cJSON_AddItemToObject(jInetAddr, "hostName", cJSON_CreateString(netAddr.hostName_.c_str()));
563 cJSON_AddItemToObject(jInetAddr, "port", cJSON_CreateNumber(netAddr.port_));
564 }
565
ConvertVecRouteToJson(const std::vector<Route> & routes,cJSON * jVecRoutes)566 void NetworkVpnService::ConvertVecRouteToJson(const std::vector<Route>& routes, cJSON* jVecRoutes)
567 {
568 for (const auto& mem : routes) {
569 cJSON *jRoute = cJSON_CreateObject();
570 cJSON_AddItemToObject(jRoute, "iface", cJSON_CreateString(mem.iface_.c_str()));
571 cJSON *jDestination = cJSON_CreateObject();
572 ConvertNetAddrToJson(mem.destination_, jDestination);
573 cJSON_AddItemToObject(jRoute, "destination", jDestination);
574 cJSON *jGateway = cJSON_CreateObject();
575 ConvertNetAddrToJson(mem.gateway_, jGateway);
576 cJSON_AddItemToObject(jRoute, "gateway", jGateway);
577 cJSON_AddItemToObject(jRoute, "rtnType", cJSON_CreateNumber(mem.rtnType_));
578 cJSON_AddItemToObject(jRoute, "mtu", cJSON_CreateNumber(mem.mtu_));
579 cJSON_AddItemToObject(jRoute, "isHost", cJSON_CreateBool(mem.isHost_));
580 cJSON_AddItemToObject(jRoute, "hasGateway", cJSON_CreateBool(mem.hasGateway_));
581 cJSON_AddItemToObject(jRoute, "isDefaultRoute", cJSON_CreateBool(mem.isDefaultRoute_));
582 cJSON_AddItemToArray(jVecRoutes, jRoute);
583 }
584 }
585
ParseConfigToJson(const sptr<VpnConfig> & vpnCfg,std::string & jsonString)586 void NetworkVpnService::ParseConfigToJson(const sptr<VpnConfig> &vpnCfg, std::string& jsonString)
587 {
588 cJSON *root = cJSON_CreateObject();
589 cJSON *jVecAddrs = cJSON_CreateArray();
590 for (const auto& mem : vpnCfg->addresses_) {
591 cJSON *jInetAddr = cJSON_CreateObject();
592 ConvertNetAddrToJson(mem, jInetAddr);
593 cJSON_AddItemToArray(jVecAddrs, jInetAddr);
594 }
595 cJSON_AddItemToObject(root, "addresses", jVecAddrs);
596
597 cJSON *jVecRoutes = cJSON_CreateArray();
598 ConvertVecRouteToJson(vpnCfg->routes_, jVecRoutes);
599 cJSON_AddItemToObject(root, "routes", jVecRoutes);
600
601 cJSON_AddItemToObject(root, "mtu", cJSON_CreateNumber(vpnCfg->mtu_));
602 cJSON_AddItemToObject(root, "isAcceptIPv4", cJSON_CreateBool(vpnCfg->isAcceptIPv4_));
603 cJSON_AddItemToObject(root, "isAcceptIPv6", cJSON_CreateBool(vpnCfg->isAcceptIPv6_));
604 cJSON_AddItemToObject(root, "isLegacy", cJSON_CreateBool(vpnCfg->isLegacy_));
605 cJSON_AddItemToObject(root, "isMetered", cJSON_CreateBool(vpnCfg->isMetered_));
606 cJSON_AddItemToObject(root, "isBlocking", cJSON_CreateBool(vpnCfg->isBlocking_));
607
608 cJSON *jVecDnsAddrs = cJSON_CreateArray();
609 for (const auto& mem : vpnCfg->dnsAddresses_) {
610 cJSON_AddItemToArray(jVecDnsAddrs, cJSON_CreateString(mem.c_str()));
611 }
612 cJSON_AddItemToObject(root, "dnsAddresses", jVecDnsAddrs);
613
614 cJSON *jVecDomains = cJSON_CreateArray();
615 for (const auto& mem : vpnCfg->searchDomains_) {
616 cJSON_AddItemToArray(jVecDomains, cJSON_CreateString(mem.c_str()));
617 }
618 cJSON_AddItemToObject(root, "searchDomains", jVecDomains);
619
620 cJSON *jVecAcceptApp = cJSON_CreateArray();
621 for (const auto& mem : vpnCfg->acceptedApplications_) {
622 cJSON_AddItemToArray(jVecAcceptApp, cJSON_CreateString(mem.c_str()));
623 }
624 cJSON_AddItemToObject(root, "acceptedApplications", jVecAcceptApp);
625
626 cJSON *jVecRefuseApp = cJSON_CreateArray();
627 for (const auto& mem : vpnCfg->refusedApplications_) {
628 cJSON_AddItemToArray(jVecRefuseApp, cJSON_CreateString(mem.c_str()));
629 }
630 cJSON_AddItemToObject(root, "refusedApplications", jVecRefuseApp);
631 char *str = cJSON_Print(root);
632 if (str == nullptr) {
633 cJSON_Delete(root);
634 return;
635 }
636 jsonString = str;
637 cJSON_Delete(root);
638 free(str);
639 }
640
SaveVpnConfig(const sptr<VpnConfig> & vpnCfg)641 void NetworkVpnService::SaveVpnConfig(const sptr<VpnConfig> &vpnCfg)
642 {
643 std::string jsonString;
644 ParseConfigToJson(vpnCfg, jsonString);
645 std::ofstream ofs(VPN_CONFIG_FILE);
646 ofs << jsonString;
647 }
648
CheckSystemCall(const std::string & bundleName)649 bool NetworkVpnService::CheckSystemCall(const std::string &bundleName)
650 {
651 if (!NetManagerPermission::IsSystemCaller()) {
652 return CheckVpnExtPermission(bundleName);
653 }
654 return true;
655 }
656
CheckVpnPermission(const std::string & bundleName)657 bool NetworkVpnService::CheckVpnPermission(const std::string &bundleName)
658 {
659 if (!NetManagerPermission::CheckPermission(Permission::MANAGE_VPN)) {
660 return CheckVpnExtPermission(bundleName);
661 }
662 return true;
663 }
664
IsSetUpReady(const std::string & vpnId,std::string & vpnBundleName,int32_t & userId,std::vector<int32_t> & activeUserIds)665 int32_t NetworkVpnService::IsSetUpReady(const std::string &vpnId, std::string &vpnBundleName,
666 int32_t &userId, std::vector<int32_t> &activeUserIds)
667 {
668 if (OHOS::system::GetBoolParameter("persist.edm.vpn_disable", false)) {
669 NETMGR_EXT_LOG_E("persist.edm.vpn_disable disallowed setting up vpn");
670 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
671 }
672 vpnBundleName = GetBundleName();
673 if (!CheckSystemCall(vpnBundleName)) {
674 NETMGR_EXT_LOG_W("forbit setup, CheckSystemCall");
675 return NETMANAGER_ERR_NOT_SYSTEM_CALL;
676 }
677 if (!CheckVpnPermission(vpnBundleName)) {
678 NETMGR_EXT_LOG_W("forbit setup, CheckVpnPermission");
679 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
680 }
681 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
682 if (ret != NETMANAGER_EXT_SUCCESS) {
683 NETMGR_EXT_LOG_W("forbit setup, CheckCurrentAccountType");
684 return ret;
685 }
686 #ifdef SUPPORT_SYSVPN
687 if ((vpnId.empty() && vpnObj_ != nullptr) || (vpnObjMap_.find(vpnId) != vpnObjMap_.end())) {
688 NETMGR_EXT_LOG_W("forbit setup, vpn exist already:%{public}s", vpnId.c_str());
689 return NETWORKVPN_ERROR_VPN_EXIST;
690 }
691 if (vpnObj_ != nullptr && vpnObj_->multiVpnInfo_ != nullptr && !vpnObj_->multiVpnInfo_->isVpnExtCall
692 && vpnObj_->multiVpnInfo_->vpnConnectState != VpnConnectState::VPN_DISCONNECTED) {
693 NETMGR_EXT_LOG_W("forbit setup, exist system vpn");
694 return NETMANAGER_EXT_ERR_INTERNAL;
695 }
696 #else
697 if (vpnObj_ != nullptr) {
698 NETMGR_EXT_LOG_W("%{public}s", (vpnObj_->GetUserId() == userId ?
699 "vpn exist already, please execute destory first" : "vpn using by other user"));
700 return NETWORKVPN_ERROR_VPN_EXIST;
701 }
702 #endif // SUPPORT_SYSVPN
703 return NETMANAGER_EXT_SUCCESS;
704 }
705
CheckVpnExtPermission(const std::string & bundleName)706 bool NetworkVpnService::CheckVpnExtPermission(const std::string &bundleName)
707 {
708 int32_t ret = NETMANAGER_EXT_SUCCESS;
709 std::string vpnExtMode;
710 #ifdef SUPPORT_SYSVPN
711 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
712 int32_t uid = IPCSkeleton::GetCallingUid();
713 if (AccountSA::OsAccountManager::GetOsAccountLocalIdFromUid(uid, userId) != ERR_OK) {
714 NETMGR_EXT_LOG_E("CheckSystemCall GetOsAccountLocalIdFromUid error, uid: %{public}d.", uid);
715 return false;
716 }
717 std::string key = bundleName + "_" + std::to_string(userId);
718 NETMGR_EXT_LOG_D("ret = [%{public}d], bundleName = [%{public}s] userId = [%{public}d]",
719 ret, bundleName.c_str(), userId);
720 ret = NetDataShareHelperUtilsIface::Query(VPNEXT_MODE_URI, key, vpnExtMode);
721 if (ret == NETMANAGER_EXT_SUCCESS && vpnExtMode == "1") {
722 return true;
723 }
724 #endif // SUPPORT_SYSVPN
725 ret = NetDataShareHelperUtilsIface::Query(VPNEXT_MODE_URI, bundleName, vpnExtMode);
726 if (ret != NETMANAGER_EXT_SUCCESS || vpnExtMode != "1") {
727 NETMGR_EXT_LOG_E("query datebase fail.");
728 return false;
729 }
730 return true;
731 }
732
SetUpVpn(const VpnConfig & config,bool isVpnExtCall)733 int32_t NetworkVpnService::SetUpVpn(const VpnConfig &config, bool isVpnExtCall)
734 {
735 NETMGR_EXT_LOG_I("SetUpVpn in");
736 std::unique_lock<std::mutex> locker(netVpnMutex_);
737 std::string vpnBundleName;
738 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
739 std::vector<int32_t> activeUserIds;
740 int32_t ret = IsSetUpReady(config.vpnId_, vpnBundleName, userId, activeUserIds);
741 if (ret != NETMANAGER_EXT_SUCCESS) {
742 NETMGR_EXT_LOG_W("SetUpVpn failed, not ready");
743 return ret;
744 }
745 userId_ = userId;
746 std::shared_ptr<NetVpnImpl> vpnObj = std::make_shared<ExtendedVpnCtl>(
747 sptr<VpnConfig>::MakeSptr(config), "", userId, activeUserIds);
748 if (vpnObj == nullptr || vpnObj->RegisterConnectStateChangedCb(vpnConnCallback_) != NETMANAGER_EXT_SUCCESS) {
749 NETMGR_EXT_LOG_E("SetUpVpn register internal callback fail.");
750 return NETMANAGER_EXT_ERR_INTERNAL;
751 }
752 #ifdef SUPPORT_SYSVPN
753 if (!config.vpnId_.empty() &&
754 InitMultiVpnInfo(config.vpnId_, 0, vpnBundleName, userId, vpnObj) != NETMANAGER_EXT_SUCCESS) {
755 return NETMANAGER_EXT_ERR_INTERNAL;
756 }
757 #endif // SUPPORT_SYSVPN
758 ret = vpnObj->SetUp();
759 if (ret != NETMANAGER_EXT_SUCCESS) {
760 NETMGR_EXT_LOG_E("SetUp failed");
761 return ret;
762 }
763 if (!vpnBundleName.empty()) {
764 std::vector<std::string> list = {vpnBundleName, vpnBundleName + VPN_EXTENSION_LABEL};
765 auto regRet =
766 Singleton<AppExecFwk::AppMgrClient>::GetInstance().RegisterApplicationStateObserver(vpnHapObserver_, list);
767 NETMGR_EXT_LOG_I("vpnHapOberver RegisterApplicationStateObserver ret = %{public}d", regRet);
768 }
769 #ifdef SUPPORT_SYSVPN
770 if (!config.vpnId_.empty()) {
771 MultiVpnHelper::GetInstance().AddMultiVpnInfo(vpnObj->multiVpnInfo_);
772 vpnObjMap_.insert({config.vpnId_, vpnObj});
773 connectingObj_ = vpnObj;
774 return ret;
775 }
776 #endif // SUPPORT_SYSVPN
777 hasOpenedVpnUid_ = IPCSkeleton::GetCallingUid();
778 currSetUpVpnPid_ = IPCSkeleton::GetCallingPid();
779 currentVpnBundleName_ = vpnBundleName;
780 vpnObj_ = vpnObj;
781 return ret;
782 }
783
Protect(bool isVpnExtCall)784 int32_t NetworkVpnService::Protect(bool isVpnExtCall)
785 {
786 /*
787 * Only permission verification is performed and
788 * the protected socket implements fwmark_service in the netsys process.
789 */
790 std::string vpnBundleName = GetBundleName();
791 if (!CheckSystemCall(vpnBundleName)) {
792 return NETMANAGER_ERR_NOT_SYSTEM_CALL;
793 }
794 if (!CheckVpnPermission(vpnBundleName)) {
795 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
796 }
797 NETMGR_EXT_LOG_I("Protect vpn tunnel successfully.");
798 return NETMANAGER_EXT_SUCCESS;
799 }
800
DestroyVpn(bool isVpnExtCall)801 int32_t NetworkVpnService::DestroyVpn(bool isVpnExtCall)
802 {
803 NETMGR_EXT_LOG_I("DestroyVpn in");
804 std::unique_lock<std::mutex> locker(netVpnMutex_);
805 std::string vpnBundleName = GetBundleName();
806 if (!CheckSystemCall(vpnBundleName)) {
807 return NETMANAGER_ERR_NOT_SYSTEM_CALL;
808 }
809 if (!CheckVpnPermission(vpnBundleName)) {
810 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
811 }
812
813 if (!NetManagerPermission::CheckPermission(PERMISSION_MANAGE_EDM_POLICY)) {
814 if (hasOpenedVpnUid_ != IPCSkeleton::GetCallingUid()) {
815 #ifdef SUPPORT_SYSVPN
816 return DestroyMultiVpn(IPCSkeleton::GetCallingUid());
817 #endif // SUPPORT_SYSVPN
818 NETMGR_EXT_LOG_E("not same vpn, can't destroy");
819 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
820 }
821 }
822
823 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
824 std::vector<int32_t> activeUserIds;
825 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
826 if (NETMANAGER_EXT_SUCCESS != ret) {
827 return ret;
828 }
829 if ((vpnObj_ != nullptr) && (vpnObj_->Destroy() != NETMANAGER_EXT_SUCCESS)) {
830 NETMGR_EXT_LOG_E("destroy vpn is failed");
831 return NETMANAGER_EXT_ERR_INTERNAL;
832 }
833 vpnObj_ = nullptr;
834 // remove vpn config
835 remove(VPN_CONFIG_FILE);
836
837 NETMGR_EXT_LOG_I("Destroy vpn successfully.");
838 currSetUpVpnPid_ = 0;
839 return NETMANAGER_EXT_SUCCESS;
840 }
841
842 #ifdef SUPPORT_SYSVPN
InitMultiVpnInfo(const std::string & vpnId,int32_t vpnType,std::string & vpnBundleName,int32_t userId,std::shared_ptr<NetVpnImpl> & vpnObj)843 int32_t NetworkVpnService::InitMultiVpnInfo(const std::string &vpnId, int32_t vpnType,
844 std::string &vpnBundleName, int32_t userId, std::shared_ptr<NetVpnImpl> &vpnObj)
845 {
846 if (vpnObj == nullptr) {
847 NETMGR_EXT_LOG_E("InitMultiVpnInfo failed");
848 return NETMANAGER_EXT_ERR_INTERNAL;
849 }
850 if (MultiVpnHelper::GetInstance().CreateMultiVpnInfo(
851 vpnId, vpnType, vpnObj->multiVpnInfo_) != NETMANAGER_EXT_SUCCESS) {
852 NETMGR_EXT_LOG_E("InitMultiVpnInfo failed");
853 return NETMANAGER_EXT_ERR_INTERNAL;
854 }
855 vpnObj->multiVpnInfo_->bundleName = vpnBundleName;
856 vpnObj->multiVpnInfo_->userId = userId;
857 return NETMANAGER_EXT_SUCCESS;
858 }
859
DestroyVpn(const std::string & vpnId)860 int32_t NetworkVpnService::DestroyVpn(const std::string &vpnId)
861 {
862 if (vpnId.empty()) {
863 NETMGR_EXT_LOG_E("vpnId is empty");
864 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
865 }
866 std::unique_lock<std::mutex> locker(netVpnMutex_);
867 std::string vpnBundleName = GetBundleName();
868 if (!CheckVpnPermission(vpnBundleName)) {
869 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
870 }
871 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
872 std::vector<int32_t> activeUserIds;
873 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
874 if (NETMANAGER_EXT_SUCCESS != ret) {
875 return ret;
876 }
877 NETMGR_EXT_LOG_I("DestroyVpn vpnId = %{public}s", vpnId.c_str());
878 auto it = vpnObjMap_.find(vpnId);
879 if (it != vpnObjMap_.end()) {
880 return DestroyMultiVpn(it->second);
881 }
882 return NETMANAGER_EXT_SUCCESS;
883 }
884
DestroyMultiVpn(int32_t callingUid)885 int32_t NetworkVpnService::DestroyMultiVpn(int32_t callingUid)
886 {
887 for (auto it = vpnObjMap_.begin(); it != vpnObjMap_.end();) {
888 std::shared_ptr<NetVpnImpl> vpnObj = it->second;
889 if (vpnObj == nullptr || vpnObj->multiVpnInfo_ == nullptr) {
890 NETMGR_EXT_LOG_E("DestroyMultiVpn failed, vpnObj invalid, calling:%{public}d", callingUid);
891 it = vpnObjMap_.erase(it);
892 return NETMANAGER_EXT_ERR_INTERNAL;
893 }
894 if (vpnObj->multiVpnInfo_->callingUid == callingUid) {
895 it = vpnObjMap_.erase(it);
896 DestroyMultiVpn(vpnObj, false);
897 } else {
898 ++it;
899 }
900 }
901 return NETMANAGER_EXT_SUCCESS;
902 }
903
DestroyMultiVpn(const std::shared_ptr<NetVpnImpl> & vpnObj,bool needErase)904 int32_t NetworkVpnService::DestroyMultiVpn(const std::shared_ptr<NetVpnImpl> &vpnObj, bool needErase)
905 {
906 if (vpnObj == nullptr) {
907 NETMGR_EXT_LOG_E("DestroyMultiVpn failed, vpnObj null");
908 return NETMANAGER_EXT_ERR_INTERNAL;
909 }
910 if (vpnObj->Destroy() != NETMANAGER_EXT_SUCCESS) {
911 NETMGR_EXT_LOG_E("destroy vpn is failed");
912 return NETMANAGER_EXT_ERR_INTERNAL;
913 }
914 sptr<MultiVpnInfo> multiVpnInterface = vpnObj->multiVpnInfo_;
915 if (multiVpnInterface == nullptr) {
916 NETMGR_EXT_LOG_E("DestroyMultiVpn failed, multiVpnInfo_ null");
917 return NETMANAGER_EXT_ERR_INTERNAL;
918 }
919 NETMGR_EXT_LOG_I("DestroyMultiVpn:%{public}s", multiVpnInterface->vpnId.c_str());
920 if (MultiVpnHelper::GetInstance().DelMultiVpnInfo(multiVpnInterface)
921 != NETMANAGER_EXT_SUCCESS) {
922 NETMGR_EXT_LOG_E("DestroyMultiVpn DelMultiVpnInfo failed");
923 return NETMANAGER_EXT_ERR_INTERNAL;
924 }
925 if (needErase) {
926 vpnObjMap_.erase(multiVpnInterface->vpnId);
927 }
928 return NETMANAGER_EXT_SUCCESS;
929 }
930
SetUpSysVpn(const sptr<SysVpnConfig> & config,bool isVpnExtCall)931 int32_t NetworkVpnService::SetUpSysVpn(const sptr<SysVpnConfig> &config, bool isVpnExtCall)
932 {
933 if (config == nullptr) {
934 NETMGR_EXT_LOG_E("config is null.");
935 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
936 }
937 std::unique_lock<std::mutex> locker(netVpnMutex_);
938 std::string vpnBundleName;
939 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
940 std::vector<int32_t> activeUserIds;
941 int32_t ret = IsSetUpReady(config->vpnId_, vpnBundleName, userId, activeUserIds);
942 if (ret != NETMANAGER_EXT_SUCCESS) {
943 NETMGR_EXT_LOG_W("SetUpVpn failed, not ready");
944 return ret;
945 }
946 std::shared_ptr<NetVpnImpl> vpnObj = CreateSysVpnCtl(config, userId, activeUserIds, isVpnExtCall);
947 if (!vpnConnCallback_) {
948 vpnConnCallback_ = std::make_shared<VpnConnStateCb>(*this);
949 }
950 if (vpnObj == nullptr || vpnObj->RegisterConnectStateChangedCb(vpnConnCallback_) != NETMANAGER_EXT_SUCCESS) {
951 NETMGR_EXT_LOG_E("SetUpSysVpn register internal callback failed");
952 return NETMANAGER_EXT_ERR_INTERNAL;
953 }
954 if (InitMultiVpnInfo(config->vpnId_, config->vpnType_, vpnBundleName, userId, vpnObj) != NETMANAGER_EXT_SUCCESS) {
955 NETMGR_EXT_LOG_E("SetUpSysVpn failed");
956 return NETMANAGER_EXT_ERR_INTERNAL;
957 }
958 vpnObj->multiVpnInfo_->isVpnExtCall = isVpnExtCall;
959 if (config->vpnType_ != VpnType::OPENVPN) {
960 VpnTemplateProcessor vpnTemplateProcessor;
961 if (vpnTemplateProcessor.BuildConfig(vpnObj, vpnObjMap_) != NETMANAGER_EXT_SUCCESS) {
962 NETMGR_EXT_LOG_E("vpnTemplateProcessor BuildConfig failed");
963 return NETMANAGER_EXT_ERR_INTERNAL;
964 }
965 }
966 NETMGR_EXT_LOG_I("SystemVpn SetUp");
967 ret = vpnObj->SetUp();
968 if (ret == NETMANAGER_EXT_SUCCESS && !isVpnExtCall) {
969 hasOpenedVpnUid_ = IPCSkeleton::GetCallingUid();
970 vpnObj_ = vpnObj;
971 }
972 connectingObj_ = vpnObj;
973 return ret;
974 }
975
CreateSysVpnCtl(const sptr<SysVpnConfig> & config,int32_t userId,std::vector<int32_t> & activeUserIds,bool isVpnExtCall)976 std::shared_ptr<NetVpnImpl> NetworkVpnService::CreateSysVpnCtl(
977 const sptr<SysVpnConfig> &config, int32_t userId, std::vector<int32_t> &activeUserIds, bool isVpnExtCall)
978 {
979 sptr<VpnDataBean> vpnBean = nullptr;
980 int32_t type = 0;
981 if (isVpnExtCall) {
982 type = config->vpnType_;
983 } else {
984 vpnBean = sptr<VpnDataBean>::MakeSptr();
985 int32_t result = QueryVpnData(config, vpnBean);
986 if (result != NETMANAGER_EXT_SUCCESS) {
987 return nullptr;
988 }
989 type = vpnBean->vpnType_;
990 }
991 switch (type) {
992 case VpnType::IKEV2_IPSEC_MSCHAPv2:
993 case VpnType::IKEV2_IPSEC_PSK:
994 case VpnType::IKEV2_IPSEC_RSA:
995 case VpnType::IPSEC_XAUTH_PSK:
996 case VpnType::IPSEC_XAUTH_RSA:
997 case VpnType::IPSEC_HYBRID_RSA:
998 if (isVpnExtCall) {
999 return CreateIpsecVpnCtl(config, userId, activeUserIds);
1000 } else {
1001 return CreateIpsecVpnCtl(VpnDataBean::ConvertVpnBeanToIpsecVpnConfig(vpnBean), userId,
1002 activeUserIds);
1003 }
1004 case VpnType::L2TP:
1005 case VpnType::L2TP_IPSEC_PSK:
1006 case VpnType::L2TP_IPSEC_RSA:
1007 if (isVpnExtCall) {
1008 return CreateL2tpCtl(config, userId, activeUserIds);
1009 } else {
1010 return CreateL2tpCtl(VpnDataBean::ConvertVpnBeanToL2tpVpnConfig(vpnBean), userId, activeUserIds);
1011 }
1012 case VpnType::OPENVPN:
1013 if (isVpnExtCall) {
1014 return CreateOpenvpnCtl(config, userId, activeUserIds);
1015 } else {
1016 return CreateOpenvpnCtl(VpnDataBean::ConvertVpnBeanToOpenvpnConfig(vpnBean), userId, activeUserIds);
1017 }
1018 default:
1019 NETMGR_EXT_LOG_E("vpn type is invalid, %{public}d", vpnBean->vpnType_);
1020 return nullptr;
1021 }
1022 }
1023
CreateL2tpCtl(const sptr<SysVpnConfig> & config,int32_t userId,std::vector<int32_t> & activeUserIds)1024 std::shared_ptr<IpsecVpnCtl> NetworkVpnService::CreateL2tpCtl(const sptr<SysVpnConfig> &config, int32_t userId,
1025 std::vector<int32_t> &activeUserIds)
1026 {
1027 if (config == nullptr) {
1028 NETMGR_EXT_LOG_E("CreateL2tpCtl failed, config is error");
1029 return nullptr;
1030 }
1031 L2tpVpnConfig *vpnConfig = static_cast<L2tpVpnConfig *>(config.GetRefPtr());
1032 if (vpnConfig == nullptr) {
1033 NETMGR_EXT_LOG_E("CreateL2tpCtl, vpnConfig is error");
1034 return nullptr;
1035 }
1036 sptr<L2tpVpnConfig> l2tpVpnConfig = sptr<L2tpVpnConfig>::MakeSptr(*vpnConfig);
1037 if (l2tpVpnConfig == nullptr) {
1038 NETMGR_EXT_LOG_E("CreateL2tpCtl failed, l2tpVpnConfig is error");
1039 vpnConfig = nullptr;
1040 return nullptr;
1041 }
1042 std::shared_ptr<IpsecVpnCtl> sysVpnCtl = std::make_shared<L2tpVpnCtl>(l2tpVpnConfig, "", userId, activeUserIds);
1043 if (sysVpnCtl != nullptr) {
1044 sysVpnCtl->l2tpVpnConfig_ = l2tpVpnConfig;
1045 }
1046 vpnConfig = nullptr;
1047 return sysVpnCtl;
1048 }
1049
QueryVpnData(const sptr<SysVpnConfig> config,sptr<VpnDataBean> & vpnBean)1050 int32_t NetworkVpnService::QueryVpnData(const sptr<SysVpnConfig> config, sptr<VpnDataBean> &vpnBean)
1051 {
1052 if (config == nullptr) {
1053 NETMGR_EXT_LOG_E("QueryVpnData failed, param is null");
1054 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
1055 }
1056 if (vpnBean == nullptr) {
1057 NETMGR_EXT_LOG_E("vpnBean is nullptr");
1058 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
1059 }
1060 int32_t result = VpnDatabaseHelper::GetInstance().QueryVpnData(vpnBean, config->vpnId_);
1061 if (result != NETMANAGER_EXT_SUCCESS) {
1062 NETMGR_EXT_LOG_E("query vpn data failed");
1063 }
1064 return result;
1065 }
1066
CreateOpenvpnCtl(const sptr<SysVpnConfig> & config,int32_t userId,std::vector<int32_t> & activeUserIds)1067 std::shared_ptr<NetVpnImpl> NetworkVpnService::CreateOpenvpnCtl(const sptr<SysVpnConfig> &config,
1068 int32_t userId, std::vector<int32_t> &activeUserIds)
1069 {
1070 if (config == nullptr) {
1071 NETMGR_EXT_LOG_E("CreateOpenvpnCtl failed, config is error");
1072 return nullptr;
1073 }
1074 OpenvpnConfig *vpnConfig = static_cast<OpenvpnConfig *>(config.GetRefPtr());
1075 if (vpnConfig == nullptr) {
1076 NETMGR_EXT_LOG_E("CreateOpenvpnCtl, vpnConfig is error");
1077 return nullptr;
1078 }
1079 sptr<OpenvpnConfig> openVpnConfig = sptr<OpenvpnConfig>::MakeSptr(*vpnConfig);
1080 if (openVpnConfig == nullptr) {
1081 NETMGR_EXT_LOG_E("CreateOpenvpnCtl failed, openVpnConfig is error");
1082 vpnConfig = nullptr;
1083 return nullptr;
1084 }
1085 std::shared_ptr<OpenvpnCtl> openVpnCtl =
1086 std::make_shared<OpenvpnCtl>(openVpnConfig, "", userId, activeUserIds);
1087 if (openVpnCtl != nullptr) {
1088 openVpnCtl->openvpnConfig_ = openVpnConfig;
1089 }
1090 vpnConfig = nullptr;
1091 return openVpnCtl;
1092 }
1093
CreateIpsecVpnCtl(const sptr<SysVpnConfig> & config,int32_t userId,std::vector<int32_t> & activeUserIds)1094 std::shared_ptr<IpsecVpnCtl> NetworkVpnService::CreateIpsecVpnCtl(const sptr<SysVpnConfig> &config,
1095 int32_t userId, std::vector<int32_t> &activeUserIds)
1096 {
1097 if (config == nullptr) {
1098 NETMGR_EXT_LOG_E("CreateIpsecVpnCtl failed, config is error");
1099 return nullptr;
1100 }
1101 IpsecVpnConfig *vpnConfig = static_cast<IpsecVpnConfig *>(config.GetRefPtr());
1102 if (vpnConfig == nullptr) {
1103 NETMGR_EXT_LOG_E("CreateIpsecVpnCtl, vpnConfig is error");
1104 return nullptr;
1105 }
1106 sptr<IpsecVpnConfig> ipsecVpnConfig = sptr<IpsecVpnConfig>::MakeSptr(*vpnConfig);
1107 if (ipsecVpnConfig == nullptr) {
1108 NETMGR_EXT_LOG_E("CreateIpsecVpnCtl failed, ipsecVpnConfig is error");
1109 vpnConfig = nullptr;
1110 return nullptr;
1111 }
1112 std::shared_ptr<IpsecVpnCtl> sysVpnCtl = std::make_shared<IpsecVpnCtl>(ipsecVpnConfig, "", userId, activeUserIds);
1113 if (sysVpnCtl != nullptr) {
1114 sysVpnCtl->ipsecVpnConfig_ = ipsecVpnConfig;
1115 }
1116 vpnConfig = nullptr;
1117 return sysVpnCtl;
1118 }
1119
AddSysVpnConfig(const sptr<SysVpnConfig> & config)1120 int32_t NetworkVpnService::AddSysVpnConfig(const sptr<SysVpnConfig> &config)
1121 {
1122 int32_t checkPermission = CheckIpcPermission(std::string(Permission::MANAGE_VPN));
1123 if (checkPermission != NETMANAGER_SUCCESS)
1124 return checkPermission;
1125 if (config == nullptr) {
1126 NETMGR_EXT_LOG_E("config is null");
1127 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
1128 }
1129
1130 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
1131 std::vector<int32_t> activeUserIds;
1132 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
1133 if (ret != NETMANAGER_EXT_SUCCESS) {
1134 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed!");
1135 return ret;
1136 }
1137
1138 NETMGR_EXT_LOG_I("AddSysVpnConfig id=%{public}s type=%{public}d",
1139 config->vpnId_.c_str(), config->vpnType_);
1140 config->userId_ = userId;
1141
1142 sptr<VpnDataBean> vpnBean = VpnDataBean::ConvertSysVpnConfigToVpnBean(config);
1143 if (vpnBean == nullptr) {
1144 NETMGR_EXT_LOG_E("vpnBean is nullptr");
1145 return NETMANAGER_EXT_ERR_INTERNAL;
1146 }
1147 return VpnDatabaseHelper::GetInstance().InsertOrUpdateData(vpnBean);
1148 }
1149
DeleteSysVpnConfig(const std::string & vpnId)1150 int32_t NetworkVpnService::DeleteSysVpnConfig(const std::string &vpnId)
1151 {
1152 int32_t checkPermission = CheckIpcPermission(std::string(Permission::MANAGE_VPN));
1153 if (checkPermission != NETMANAGER_SUCCESS)
1154 return checkPermission;
1155 if (vpnId.empty()) {
1156 NETMGR_EXT_LOG_E("vpnId is empty");
1157 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
1158 }
1159
1160 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
1161 std::vector<int32_t> activeUserIds;
1162 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
1163 if (ret != NETMANAGER_EXT_SUCCESS) {
1164 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed");
1165 return ret;
1166 }
1167 NETMGR_EXT_LOG_I("DeleteSysVpnConfig id=%{public}s", vpnId.c_str());
1168 return VpnDatabaseHelper::GetInstance().DeleteVpnData(vpnId);
1169 }
1170
GetConnectedVpnAppInfo(std::vector<std::string> & bundleNameList)1171 int32_t NetworkVpnService::GetConnectedVpnAppInfo(std::vector<std::string> &bundleNameList)
1172 {
1173 std::string vpnBundleName = GetBundleName();
1174 if (!CheckVpnPermission(vpnBundleName)) {
1175 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
1176 }
1177 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
1178 std::vector<int32_t> activeUserIds;
1179 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
1180 if (ret != NETMANAGER_EXT_SUCCESS) {
1181 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed");
1182 return ret;
1183 }
1184 for (auto it = vpnObjMap_.begin(); it != vpnObjMap_.end();) {
1185 std::shared_ptr<NetVpnImpl> vpnObj = it->second;
1186 if (vpnObj == nullptr || vpnObj->multiVpnInfo_ == nullptr) {
1187 NETMGR_EXT_LOG_E("GetConnectedVpnAppInfo failed, vpnObj invalid");
1188 it = vpnObjMap_.erase(it);
1189 return NETMANAGER_EXT_ERR_INTERNAL;
1190 }
1191 if (userId == vpnObj->multiVpnInfo_->userId) {
1192 std::string name = vpnObj->multiVpnInfo_->bundleName;
1193 if (std::find(bundleNameList.begin(), bundleNameList.end(), name) == bundleNameList.end()) {
1194 bundleNameList.push_back(name);
1195 }
1196 }
1197 }
1198 return NETMANAGER_EXT_SUCCESS;
1199 }
1200
GetSysVpnConfigList(std::vector<sptr<SysVpnConfig>> & vpnList)1201 int32_t NetworkVpnService::GetSysVpnConfigList(std::vector<sptr<SysVpnConfig>> &vpnList)
1202 {
1203 int32_t checkPermission = CheckIpcPermission(std::string(Permission::MANAGE_VPN));
1204 if (checkPermission != NETMANAGER_SUCCESS)
1205 return checkPermission;
1206 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
1207 std::vector<int32_t> activeUserIds;
1208 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
1209 if (ret != NETMANAGER_EXT_SUCCESS) {
1210 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed");
1211 return ret;
1212 }
1213 NETMGR_EXT_LOG_I("SystemVpn GetSysVpnConfigList");
1214 return VpnDatabaseHelper::GetInstance().QueryAllData(vpnList, userId);
1215 }
1216
GetSysVpnConfig(sptr<SysVpnConfig> & config,const std::string & vpnId)1217 int32_t NetworkVpnService::GetSysVpnConfig(sptr<SysVpnConfig> &config, const std::string &vpnId)
1218 {
1219 int32_t checkPermission = CheckIpcPermission(std::string(Permission::MANAGE_VPN));
1220 if (checkPermission != NETMANAGER_SUCCESS)
1221 return checkPermission;
1222 if (vpnId.empty()) {
1223 NETMGR_EXT_LOG_E("vpnId is empty");
1224 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
1225 }
1226
1227 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
1228 std::vector<int32_t> activeUserIds;
1229 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
1230 if (ret != NETMANAGER_EXT_SUCCESS) {
1231 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed!");
1232 return ret;
1233 }
1234
1235 NETMGR_EXT_LOG_I("GetSysVpnConfig id=%{public}s", vpnId.c_str());
1236 sptr<VpnDataBean> vpnBean = new (std::nothrow) VpnDataBean();
1237 if (vpnBean == nullptr) {
1238 NETMGR_EXT_LOG_E("vpnBean is nullptr");
1239 return NETMANAGER_EXT_ERR_INTERNAL;
1240 }
1241 int32_t result = VpnDatabaseHelper::GetInstance().QueryVpnData(vpnBean, vpnId);
1242 if (result != NETMANAGER_EXT_SUCCESS) {
1243 NETMGR_EXT_LOG_E("QueryVpnData failed, result = %{public}d", result);
1244 return result;
1245 }
1246 config = VpnDataBean::ConvertVpnBeanToSysVpnConfig(vpnBean);
1247 return NETMANAGER_EXT_SUCCESS;
1248 }
1249
GetConnectedSysVpnConfig(sptr<SysVpnConfig> & config)1250 int32_t NetworkVpnService::GetConnectedSysVpnConfig(sptr<SysVpnConfig> &config)
1251 {
1252 int32_t checkPermission = CheckIpcPermission(std::string(Permission::MANAGE_VPN));
1253 if (checkPermission != NETMANAGER_SUCCESS)
1254 return checkPermission;
1255 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
1256 std::vector<int32_t> activeUserIds;
1257 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
1258 if (ret != NETMANAGER_EXT_SUCCESS) {
1259 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed!");
1260 return ret;
1261 }
1262
1263 std::unique_lock<std::mutex> locker(netVpnMutex_);
1264 if (vpnObj_ == nullptr) {
1265 NETMGR_EXT_LOG_I("GetConnectedSysVpnConfig is null. maybe not setup yet");
1266 return NETMANAGER_EXT_SUCCESS;
1267 }
1268 NETMGR_EXT_LOG_I("SystemVpn GetConnectedSysVpnConfig");
1269 return vpnObj_->GetConnectedSysVpnConfig(config);
1270 }
1271
NotifyConnectStage(const std::string & stage,const int32_t result)1272 int32_t NetworkVpnService::NotifyConnectStage(const std::string &stage, const int32_t result)
1273 {
1274 uint32_t callingUid = static_cast<uint32_t>(IPCSkeleton::GetCallingUid());
1275 if (callingUid != UID_NET_SYS_NATIVE) {
1276 NETMGR_EXT_LOG_E("NotifyConnectStage failed, invalid callingUid");
1277 return NETMANAGER_EXT_ERR_NOT_SYSTEM_CALL;
1278 }
1279
1280 std::unique_lock<std::mutex> locker(netVpnMutex_);
1281 if (stage.find(DISCONNECT_TAG) != std::string::npos) {
1282 NETMGR_EXT_LOG_I("service disconnect");
1283 if ((vpnObj_ != nullptr) && (vpnObj_->GetVpnConfig()->addresses_.size() > VPN_LOCAL_IP_INDEX) &&
1284 (vpnObj_->Destroy() == NETMANAGER_EXT_SUCCESS)) {
1285 vpnObj_ = nullptr;
1286 NETMGR_EXT_LOG_I("destroy vpn is ok");
1287 return NETMANAGER_EXT_SUCCESS;
1288 }
1289 std::string addr;
1290 MultiVpnHelper::GetInstance().GetDisconnectAddr(stage, addr);
1291 for (auto vpnObjTemp : vpnObjMap_) {
1292 if (vpnObjTemp.second == nullptr || vpnObjTemp.second->GetVpnConfig() == nullptr) {
1293 continue;
1294 }
1295 if ((vpnObjTemp.second->GetVpnConfig()->addresses_.size() > VPN_LOCAL_IP_INDEX) &&
1296 vpnObjTemp.second->GetVpnConfig()->addresses_[VPN_LOCAL_IP_INDEX].address_ == addr) {
1297 return DestroyMultiVpn(vpnObjTemp.second);
1298 }
1299 }
1300 }
1301 if (connectingObj_ == nullptr || connectingObj_->multiVpnInfo_ == nullptr) {
1302 NETMGR_EXT_LOG_E("NotifyConnectStage failed, connectingObj_ is null");
1303 return NETMANAGER_EXT_ERR_INTERNAL;
1304 }
1305 if (connectingObj_->multiVpnInfo_->isVpnExtCall && MultiVpnHelper::GetInstance().IsConnectedStage(stage)) {
1306 MultiVpnHelper::GetInstance().AddMultiVpnInfo(connectingObj_->multiVpnInfo_);
1307 vpnObjMap_.insert({connectingObj_->multiVpnInfo_->vpnId, connectingObj_});
1308 }
1309 return connectingObj_->NotifyConnectStage(stage, result);
1310 }
1311
GetSysVpnCertUri(const int32_t certType,std::string & certUri)1312 int32_t NetworkVpnService::GetSysVpnCertUri(const int32_t certType, std::string &certUri)
1313 {
1314 uint32_t callingUid = static_cast<uint32_t>(IPCSkeleton::GetCallingUid());
1315 if (callingUid != UID_NET_SYS_NATIVE) {
1316 NETMGR_EXT_LOG_E("GetSysVpnCertUri failed, invalid callingUid");
1317 return NETMANAGER_EXT_ERR_NOT_SYSTEM_CALL;
1318 }
1319 std::unique_lock<std::mutex> locker(netVpnMutex_);
1320
1321 if (connectingObj_ == nullptr) {
1322 NETMGR_EXT_LOG_E("GetSysVpnCertUri failed, connectingObj_ is null");
1323 return NETMANAGER_EXT_ERR_INTERNAL;
1324 }
1325 return connectingObj_->GetSysVpnCertUri(certType, certUri);
1326 }
1327
RegisterMultiVpnEvent(const sptr<IVpnEventCallback> & callback)1328 int32_t NetworkVpnService::RegisterMultiVpnEvent(const sptr<IVpnEventCallback> &callback)
1329 {
1330 std::string vpnBundleName = GetBundleName();
1331 if (!CheckVpnPermission(vpnBundleName)) {
1332 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
1333 }
1334 int32_t ret = NETMANAGER_EXT_ERR_OPERATION_FAILED;
1335 if (!networkVpnServiceFfrtQueue_) {
1336 NETMGR_EXT_LOG_E("FFRT Create Fail");
1337 return ret;
1338 }
1339 ffrt::task_handle RegisterVpnEventTask = networkVpnServiceFfrtQueue_->submit_h([this,
1340 &callback, &ret, &vpnBundleName]() {
1341 ret = SyncRegisterMultiVpnEvent(callback, vpnBundleName);
1342 }, ffrt::task_attr().name("RegisterMultiVpnEvent"));
1343 networkVpnServiceFfrtQueue_->wait(RegisterVpnEventTask);
1344 return ret;
1345 }
1346
UnregisterMultiVpnEvent(const sptr<IVpnEventCallback> & callback)1347 int32_t NetworkVpnService::UnregisterMultiVpnEvent(const sptr<IVpnEventCallback> &callback)
1348 {
1349 std::string vpnBundleName = GetBundleName();
1350 if (!CheckVpnPermission(vpnBundleName)) {
1351 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
1352 }
1353 int32_t ret = NETMANAGER_EXT_ERR_OPERATION_FAILED;
1354 if (!networkVpnServiceFfrtQueue_) {
1355 NETMGR_EXT_LOG_E("FFRT Create Fail");
1356 return ret;
1357 }
1358 ffrt::task_handle UnregisterVpnEventTask = networkVpnServiceFfrtQueue_->submit_h([this, &callback, &ret]() {
1359 ret = SyncUnregisterMultiVpnEvent(callback);
1360 }, ffrt::task_attr().name("RegisterMultiVpnEvent"));
1361 networkVpnServiceFfrtQueue_->wait(UnregisterVpnEventTask);
1362 return ret;
1363 }
1364
GetVpnCertData(const int32_t certType,std::vector<int8_t> & certData)1365 int32_t NetworkVpnService::GetVpnCertData(const int32_t certType, std::vector<int8_t> &certData)
1366 {
1367 uint32_t callingUid = static_cast<uint32_t>(IPCSkeleton::GetCallingUid());
1368 if (callingUid != UID_NET_SYS_NATIVE) {
1369 NETMGR_EXT_LOG_E("GetSysVpnCertUri failed, invalid callingUid");
1370 return NETMANAGER_EXT_ERR_NOT_SYSTEM_CALL;
1371 }
1372 std::unique_lock<std::mutex> locker(netVpnMutex_);
1373
1374 if (connectingObj_ == nullptr) {
1375 NETMGR_EXT_LOG_E("GetVpnCertData failed, connectingObj_ is null");
1376 return NETMANAGER_EXT_ERR_INTERNAL;
1377 }
1378 return connectingObj_->GetVpnCertData(certType, certData);
1379 }
1380 #endif // SUPPORT_SYSVPN
1381
RegisterVpnEvent(const sptr<IVpnEventCallback> & callback)1382 int32_t NetworkVpnService::RegisterVpnEvent(const sptr<IVpnEventCallback> &callback)
1383 {
1384 std::string vpnBundleName = GetBundleName();
1385 if (!CheckVpnPermission(vpnBundleName)) {
1386 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
1387 }
1388 int32_t ret = NETMANAGER_EXT_ERR_OPERATION_FAILED;
1389 if (!networkVpnServiceFfrtQueue_) {
1390 NETMGR_EXT_LOG_E("FFRT Create Fail");
1391 return ret;
1392 }
1393 ffrt::task_handle RegisterVpnEventTask = networkVpnServiceFfrtQueue_->submit_h([this, &callback, &ret]() {
1394 ret = SyncRegisterVpnEvent(callback);
1395 }, ffrt::task_attr().name("RegisterVpnEvent"));
1396 networkVpnServiceFfrtQueue_->wait(RegisterVpnEventTask);
1397 return ret;
1398 }
1399
UnregisterVpnEvent(const sptr<IVpnEventCallback> & callback)1400 int32_t NetworkVpnService::UnregisterVpnEvent(const sptr<IVpnEventCallback> &callback)
1401 {
1402 std::string vpnBundleName = GetBundleName();
1403 if (!CheckVpnPermission(vpnBundleName)) {
1404 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
1405 }
1406 int32_t ret = NETMANAGER_EXT_ERR_OPERATION_FAILED;
1407 if (!networkVpnServiceFfrtQueue_) {
1408 NETMGR_EXT_LOG_E("FFRT Create Fail");
1409 return ret;
1410 }
1411 ffrt::task_handle UnregisterVpnEventTask = networkVpnServiceFfrtQueue_->submit_h([this, &callback, &ret]() {
1412 ret = SyncUnregisterVpnEvent(callback);
1413 }, ffrt::task_attr().name("RegisterVpnEvent"));
1414 networkVpnServiceFfrtQueue_->wait(UnregisterVpnEventTask);
1415 return ret;
1416 }
1417
CreateVpnConnection(bool isVpnExtCall)1418 int32_t NetworkVpnService::CreateVpnConnection(bool isVpnExtCall)
1419 {
1420 /*
1421 * Only permission verification is performed
1422 */
1423 NETMGR_EXT_LOG_I("CreateVpnConnection successfully.");
1424 return NETMANAGER_EXT_SUCCESS;
1425 }
1426
CheckCurrentAccountType(int32_t & userId,std::vector<int32_t> & activeUserIds)1427 int32_t NetworkVpnService::CheckCurrentAccountType(int32_t &userId, std::vector<int32_t> &activeUserIds)
1428 {
1429 int32_t uid = IPCSkeleton::GetCallingUid();
1430 int32_t userId_Max = 99;
1431 if (AccountSA::OsAccountManager::GetOsAccountLocalIdFromUid(uid, userId) != ERR_OK) {
1432 NETMGR_EXT_LOG_E("GetOsAccountLocalIdFromUid error, uid: %{public}d.", uid);
1433 return NETMANAGER_EXT_ERR_INTERNAL;
1434 }
1435
1436 if (AccountSA::OsAccountManager::QueryActiveOsAccountIds(activeUserIds) != ERR_OK) {
1437 NETMGR_EXT_LOG_E("QueryActiveOsAccountIds error.");
1438 }
1439
1440 if (userId >= 0 && userId <= userId_Max) {
1441 return NETMANAGER_EXT_SUCCESS;
1442 }
1443
1444 auto itr = std::find_if(activeUserIds.begin(), activeUserIds.end(),
1445 [userId](const int32_t &elem) { return (elem == userId) ? true : false; });
1446 if (itr == activeUserIds.end()) {
1447 NETMGR_EXT_LOG_E("userId: %{public}d is not active user. activeUserIds.size: %{public}zd", userId,
1448 activeUserIds.size());
1449 return NETWORKVPN_ERROR_REFUSE_CREATE_VPN;
1450 }
1451
1452 activeUserIds.clear();
1453
1454 AccountSA::OsAccountType accountType;
1455 if (AccountSA::OsAccountManager::GetOsAccountType(userId, accountType) != ERR_OK) {
1456 NETMGR_EXT_LOG_E("GetOsAccountType error, userId: %{public}d.", userId);
1457 return NETMANAGER_EXT_ERR_INTERNAL;
1458 }
1459 if (accountType == AccountSA::OsAccountType::GUEST) {
1460 NETMGR_EXT_LOG_E("The guest user cannot execute the VPN interface.");
1461 return NETWORKVPN_ERROR_REFUSE_CREATE_VPN;
1462 }
1463 return NETMANAGER_EXT_SUCCESS;
1464 }
1465
1466 #ifdef SUPPORT_SYSVPN
SyncRegisterMultiVpnEvent(const sptr<IVpnEventCallback> callback,const std::string & vpnBundleName)1467 int32_t NetworkVpnService::SyncRegisterMultiVpnEvent(const sptr<IVpnEventCallback> callback,
1468 const std::string &vpnBundleName)
1469 {
1470 if (vpnBundleName.empty()) {
1471 NETMGR_EXT_LOG_E("SyncRegisterMultiVpnEvent bundle name is empty");
1472 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
1473 }
1474 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1475 for (auto iterCb = multiVpnEventCallbacks_.begin(); iterCb != multiVpnEventCallbacks_.end(); iterCb++) {
1476 if (((*iterCb)->callback)->AsObject().GetRefPtr() == callback->AsObject().GetRefPtr()) {
1477 NETMGR_EXT_LOG_E("Register multi vpn event callback failed, callback already exists");
1478 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
1479 }
1480 }
1481 if (multiVpnEventCallbacks_.size() >= MAX_CALLBACK_COUNT) {
1482 NETMGR_EXT_LOG_E("callback above max count, return error.");
1483 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
1484 }
1485 if (!AddClientDeathRecipient(callback)) {
1486 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
1487 }
1488 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
1489 if (AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId) != ERR_OK) {
1490 NETMGR_EXT_LOG_E("GetForegroundOsAccountLocalId error");
1491 return NETMANAGER_EXT_ERR_INTERNAL;
1492 }
1493 sptr<MultiVpnEventCallback> multiVpnEventCallback = new (std::nothrow) MultiVpnEventCallback();
1494 if (multiVpnEventCallback == nullptr) {
1495 NETMGR_EXT_LOG_E("SyncRegisterMultiVpnEvent error, multiVpnEventCallback is nullptr");
1496 return NETMANAGER_EXT_ERR_INTERNAL;
1497 }
1498 multiVpnEventCallback->userId = userId;
1499 multiVpnEventCallback->bundleName = vpnBundleName;
1500 multiVpnEventCallback->callback = callback;
1501 multiVpnEventCallbacks_.push_back(multiVpnEventCallback);
1502 NETMGR_EXT_LOG_I("Register multi vpn event callback successfully");
1503 return NETMANAGER_EXT_SUCCESS;
1504 }
1505
SyncUnregisterMultiVpnEvent(const sptr<IVpnEventCallback> callback)1506 int32_t NetworkVpnService::SyncUnregisterMultiVpnEvent(const sptr<IVpnEventCallback> callback)
1507 {
1508 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1509 for (auto iter = multiVpnEventCallbacks_.begin(); iter != multiVpnEventCallbacks_.end(); ++iter) {
1510 if (((*iter)->callback)->AsObject().GetRefPtr() == callback->AsObject().GetRefPtr()) {
1511 RemoveClientDeathRecipient(callback);
1512 multiVpnEventCallbacks_.erase(iter);
1513 NETMGR_EXT_LOG_I("Unregister multi vpn event successfully.");
1514 return NETMANAGER_EXT_SUCCESS;
1515 }
1516 }
1517 NETMGR_EXT_LOG_E("Unregister multi vpn event callback is does not exist.");
1518 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
1519 }
1520 #endif // SUPPORT_SYSVPN
1521
SyncRegisterVpnEvent(const sptr<IVpnEventCallback> callback)1522 int32_t NetworkVpnService::SyncRegisterVpnEvent(const sptr<IVpnEventCallback> callback)
1523 {
1524 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1525 for (auto iterCb = vpnEventCallbacks_.begin(); iterCb != vpnEventCallbacks_.end(); iterCb++) {
1526 if ((*iterCb)->AsObject().GetRefPtr() == callback->AsObject().GetRefPtr()) {
1527 NETMGR_EXT_LOG_E("Register vpn event callback failed, callback already exists");
1528 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
1529 }
1530 }
1531
1532 if (vpnEventCallbacks_.size() >= MAX_CALLBACK_COUNT) {
1533 NETMGR_EXT_LOG_E("callback above max count, return error.");
1534 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
1535 }
1536 if (!AddClientDeathRecipient(callback)) {
1537 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
1538 }
1539 vpnEventCallbacks_.push_back(callback);
1540 NETMGR_EXT_LOG_I("Register vpn event callback successfully");
1541 return NETMANAGER_EXT_SUCCESS;
1542 }
1543
SyncUnregisterVpnEvent(const sptr<IVpnEventCallback> callback)1544 int32_t NetworkVpnService::SyncUnregisterVpnEvent(const sptr<IVpnEventCallback> callback)
1545 {
1546 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1547 for (auto iter = vpnEventCallbacks_.begin(); iter != vpnEventCallbacks_.end(); ++iter) {
1548 if (callback->AsObject().GetRefPtr() == (*iter)->AsObject().GetRefPtr()) {
1549 RemoveClientDeathRecipient(callback);
1550 vpnEventCallbacks_.erase(iter);
1551 NETMGR_EXT_LOG_I("Unregister vpn event successfully.");
1552 return NETMANAGER_EXT_SUCCESS;
1553 }
1554 }
1555 NETMGR_EXT_LOG_E("Unregister vpn event callback is does not exist.");
1556 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
1557 }
1558
OnAddSystemAbility(int32_t systemAbilityId,const std::string & deviceId)1559 void NetworkVpnService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
1560 {
1561 NETMGR_EXT_LOG_D("NetworkVpnService::OnAddSystemAbility systemAbilityId[%{public}d]", systemAbilityId);
1562 if (systemAbilityId == COMM_NETSYS_NATIVE_SYS_ABILITY_ID) {
1563 if (hasSARemoved_) {
1564 OnNetSysRestart();
1565 hasSARemoved_ = false;
1566 }
1567 } else if (systemAbilityId == COMMON_EVENT_SERVICE_ID && !registeredCommonEvent_) {
1568 SubscribeCommonEvent();
1569 }
1570 }
1571
OnRemoveSystemAbility(int32_t systemAbilityId,const std::string & deviceId)1572 void NetworkVpnService::OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
1573 {
1574 NETMGR_EXT_LOG_D("NetworkVpnService::OnRemoveSystemAbility systemAbilityId[%{public}d]", systemAbilityId);
1575 if (systemAbilityId == COMM_NETSYS_NATIVE_SYS_ABILITY_ID) {
1576 hasSARemoved_ = true;
1577 } else if (systemAbilityId == COMMON_EVENT_SERVICE_ID) {
1578 registeredCommonEvent_ = false;
1579 }
1580 }
1581
OnNetSysRestart()1582 void NetworkVpnService::OnNetSysRestart()
1583 {
1584 std::lock_guard<std::mutex> locker(netVpnMutex_);
1585 NETMGR_EXT_LOG_I("NetworkVpnService::OnNetSysRestart");
1586 if (vpnObj_ != nullptr) {
1587 vpnObj_->ResumeUids();
1588 }
1589 }
1590
FactoryResetVpn()1591 int32_t NetworkVpnService::FactoryResetVpn()
1592 {
1593 NETMGR_EXT_LOG_I("factory reset Vpn enter.");
1594
1595 return NETMANAGER_EXT_SUCCESS;
1596 }
1597
RegisterFactoryResetCallback()1598 void NetworkVpnService::RegisterFactoryResetCallback()
1599 {
1600 std::thread t([this]() {
1601 uint32_t count = 0;
1602 while (NetConnClient::GetInstance().SystemReady() != NETMANAGER_SUCCESS && count < MAX_GET_SERVICE_COUNT) {
1603 std::this_thread::sleep_for(std::chrono::seconds(WAIT_FOR_SERVICE_TIME_S));
1604 count++;
1605 }
1606 NETMGR_EXT_LOG_W("NetConnClient Get SystemReady count: %{public}u", count);
1607 if (count > MAX_GET_SERVICE_COUNT) {
1608 NETMGR_EXT_LOG_E("Connect netconn service fail.");
1609 } else {
1610 netFactoryResetCallback_ = (std::make_unique<FactoryResetCallBack>(*this)).release();
1611 if (netFactoryResetCallback_ != nullptr) {
1612 int ret = NetConnClient::GetInstance().RegisterNetFactoryResetCallback(netFactoryResetCallback_);
1613 if (ret != NETMANAGER_SUCCESS) {
1614 NETMGR_EXT_LOG_E("RegisterNetFactoryResetCallback ret: %{public}d.", ret);
1615 }
1616 } else {
1617 NETMGR_EXT_LOG_E("netFactoryResetCallback_ is null.");
1618 }
1619 }
1620 });
1621 std::string threadName = "vpnRegisterFactoryResetCallback";
1622 pthread_setname_np(t.native_handle(), threadName.c_str());
1623 t.detach();
1624 }
1625
SetAlwaysOnVpn(std::string & pkg,bool & enable)1626 int32_t NetworkVpnService::SetAlwaysOnVpn(std::string &pkg, bool &enable)
1627 {
1628 int32_t ret = NetDataShareHelperUtilsIface::Update(ALWAYS_ON_VPN_URI, KEY_ALWAYS_ON_VPN, (enable ? pkg:""));
1629 if (ret != NETMANAGER_EXT_SUCCESS) {
1630 NETMGR_EXT_LOG_E("SetAlwaysOnVpn fail: %{public}d", ret);
1631 return NETMANAGER_ERR_INTERNAL;
1632 }
1633 NETMGR_EXT_LOG_I("SetAlwaysOnVpn success: %{public}s", pkg.c_str());
1634
1635 StartAlwaysOnVpn();
1636
1637 return NETMANAGER_EXT_SUCCESS;
1638 }
1639
GetAlwaysOnVpn(std::string & pkg)1640 int32_t NetworkVpnService::GetAlwaysOnVpn(std::string &pkg)
1641 {
1642 std::string value = "";
1643 int32_t ret = NetDataShareHelperUtilsIface::Query(ALWAYS_ON_VPN_URI, KEY_ALWAYS_ON_VPN, value);
1644 if (ret != NETMANAGER_EXT_SUCCESS) {
1645 NETMGR_EXT_LOG_E("GetAlwaysOnVpn fail: %{public}d", ret);
1646 return NETMANAGER_ERR_INTERNAL;
1647 }
1648 pkg = value;
1649 NETMGR_EXT_LOG_I("GetAlwaysOnVpn success: %{public}s", pkg.c_str());
1650 return NETMANAGER_EXT_SUCCESS;
1651 }
1652
StartAlwaysOnVpn()1653 void NetworkVpnService::StartAlwaysOnVpn()
1654 {
1655 //first, according the uerId, query local vpn config, if exist apply
1656 //the config as VPN, if the local VPN is null, query the local kept
1657 //package if exist will call up the target app to provide the VPN
1658 std::string alwaysOnBundleName = "";
1659 int32_t ret = GetAlwaysOnVpn(alwaysOnBundleName);
1660 if (ret != NETMANAGER_EXT_SUCCESS) {
1661 NETMGR_EXT_LOG_E("StartAlwaysOnVpn fail: %{public}d", ret);
1662 return;
1663 }
1664
1665 if (alwaysOnBundleName != "") {
1666 if (vpnObj_ != nullptr) {
1667 std::string pkg = vpnObj_->GetVpnPkg();
1668 if (pkg != alwaysOnBundleName) {
1669 NETMGR_EXT_LOG_W("vpn [ %{public}s] exist, destroy vpn first", pkg.c_str());
1670 DestroyVpn();
1671 }
1672 }
1673 // recover vpn config
1674 RecoverVpnConfig();
1675 }
1676 }
1677
SubscribeCommonEvent()1678 void NetworkVpnService::SubscribeCommonEvent()
1679 {
1680 std::lock_guard<std::mutex> autoLock(cesMutex_);
1681 if (subscriber_ == nullptr) {
1682 EventFwk::MatchingSkills matchingSkills;
1683 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_USER_UNLOCKED);
1684 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_POWER_SAVE_MODE_CHANGED);
1685 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED);
1686 EventFwk::CommonEventSubscribeInfo subscribeInfo(matchingSkills);
1687 // 1 means CORE_EVENT_PRIORITY
1688 subscribeInfo.SetPriority(1);
1689 subscriber_ = std::make_shared<ReceiveMessage>(subscribeInfo, shared_from_this());
1690 }
1691 bool ret = EventFwk::CommonEventManager::SubscribeCommonEvent(subscriber_);
1692 if (!ret) {
1693 NETMGR_EXT_LOG_E("SubscribeCommonEvent fail: %{public}d", ret);
1694 registeredCommonEvent_ = false;
1695 } else {
1696 registeredCommonEvent_ = true;
1697 }
1698 }
1699
OnReceiveEvent(const EventFwk::CommonEventData & eventData)1700 void NetworkVpnService::ReceiveMessage::OnReceiveEvent(const EventFwk::CommonEventData &eventData)
1701 {
1702 auto vpnService = vpnService_.lock();
1703 if (vpnService == nullptr) {
1704 NETMGR_EXT_LOG_E("vpnService_ null");
1705 return;
1706 }
1707 const auto &action = eventData.GetWant().GetAction();
1708 const auto &data = eventData.GetData();
1709 const auto &code = eventData.GetCode();
1710 NETMGR_EXT_LOG_I("NetVReceiveMessage::OnReceiveEvent(), event:[%{public}s], data:[%{public}s], code:[%{public}d]",
1711 action.c_str(), data.c_str(), code);
1712 if (action == EventFwk::CommonEventSupport::COMMON_EVENT_POWER_SAVE_MODE_CHANGED) {
1713 bool isPowerSave = (code == SAVE_MODE || code == LOWPOWER_MODE);
1714 if (isPowerSave) {
1715 vpnService->StartAlwaysOnVpn();
1716 }
1717 return;
1718 }
1719
1720 if (action == EventFwk::CommonEventSupport::COMMON_EVENT_USER_UNLOCKED) {
1721 vpnService->StartAlwaysOnVpn();
1722 }
1723
1724 if (action == EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED) {
1725 std::string bundleName = eventData.GetWant().GetElement().GetBundleName();
1726 NETMGR_EXT_LOG_D("COMMON_EVENT_PACKAGE_REMOVED, BundleName %{public}s", bundleName.c_str());
1727 #ifdef SUPPORT_SYSVPN
1728 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
1729 if (AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId) != ERR_OK) {
1730 NETMGR_EXT_LOG_E("GetForegroundOsAccountLocalId error");
1731 return;
1732 }
1733 NetDataShareHelperUtilsIface::Delete(VPNEXT_MODE_URI, bundleName + "_" + std::to_string(userId));
1734 #else
1735 NetDataShareHelperUtilsIface::Delete(VPNEXT_MODE_URI, bundleName);
1736 #endif // SUPPORT_SYSVPN
1737 }
1738 }
1739
RegisterBundleName(const std::string & bundleName,const std::string & abilityName)1740 int32_t NetworkVpnService::RegisterBundleName(const std::string &bundleName, const std::string &abilityName)
1741 {
1742 if (bundleName.empty() || abilityName.empty()) {
1743 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
1744 }
1745
1746 std::vector<std::string> list = {bundleName, bundleName + VPN_EXTENSION_LABEL};
1747 auto regRet =
1748 Singleton<AppExecFwk::AppMgrClient>::GetInstance().RegisterApplicationStateObserver(vpnHapObserver_, list);
1749 NETMGR_EXT_LOG_I("RegisterBundleName RegisterApplicationStateObserver ret = %{public}d", regRet);
1750
1751 currentVpnBundleName_ = bundleName;
1752 std::lock_guard<std::mutex> autoLock(vpnNameMutex_);
1753 currentVpnAbilityName_.emplace_back(abilityName);
1754 return NETMANAGER_EXT_SUCCESS;
1755 }
1756
GetSelfAppName(std::string & selfAppName,std::string & selfBundleName)1757 int32_t NetworkVpnService::GetSelfAppName(std::string &selfAppName, std::string &selfBundleName)
1758 {
1759 std::string bundleName;
1760 auto samgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
1761 if (samgr == nullptr) {
1762 NETMGR_EXT_LOG_E("Get ability manager failed");
1763 return NETMANAGER_EXT_ERR_INTERNAL;
1764 }
1765 auto object = samgr->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
1766 if (object == nullptr) {
1767 NETMGR_EXT_LOG_E("object is NULL.");
1768 return NETMANAGER_EXT_ERR_INTERNAL;
1769 }
1770 auto bms = iface_cast<OHOS::AppExecFwk::IBundleMgr>(object);
1771 if (bms == nullptr) {
1772 NETMGR_EXT_LOG_E("bundle manager service is NULL.");
1773 return NETMANAGER_EXT_ERR_INTERNAL;
1774 }
1775 int32_t uid = IPCSkeleton::GetCallingUid();
1776 auto result = bms->GetNameForUid(uid, bundleName);
1777 if (result != NETMANAGER_EXT_SUCCESS) {
1778 NETMGR_EXT_LOG_E("Error GetBundleNameForUid fail");
1779 return NETMANAGER_EXT_ERR_INTERNAL;
1780 }
1781
1782 auto bundleResourceProxy = bms->GetBundleResourceProxy();
1783 if (bundleResourceProxy == nullptr) {
1784 NETMGR_EXT_LOG_E("Error get bundleResourceProxy fail");
1785 return NETMANAGER_EXT_ERR_INTERNAL;
1786 }
1787 AppExecFwk::BundleResourceInfo bundleResourceInfo;
1788 auto errCode = bundleResourceProxy->GetBundleResourceInfo(
1789 bundleName, static_cast<uint32_t>(OHOS::AppExecFwk::ResourceFlag::GET_RESOURCE_INFO_ALL), bundleResourceInfo);
1790 if (errCode != ERR_OK) {
1791 NETMGR_EXT_LOG_E("Error call GetBundleResourceInfo fail %{public}d", static_cast<int>(errCode));
1792 return NETMANAGER_EXT_ERR_INTERNAL;
1793 }
1794 NETMGR_EXT_LOG_I("StartVpnExtensionAbility bundleResourceInfo.label %{public}s", bundleResourceInfo.label.c_str());
1795 selfAppName = bundleResourceInfo.label;
1796 selfBundleName = bundleName;
1797 return NETMANAGER_EXT_SUCCESS;
1798 }
1799
SetSelfVpnPid()1800 int32_t NetworkVpnService::SetSelfVpnPid()
1801 {
1802 int32_t uid = IPCSkeleton::GetCallingUid();
1803 int32_t pid = IPCSkeleton::GetCallingPid();
1804 setVpnPidMap_.emplace(uid, pid);
1805 NETMGR_EXT_LOG_I("SetSelfVpnPid uid: %{public}d, pid: %{public}d", uid, pid);
1806 return NETMANAGER_EXT_SUCCESS;
1807 }
1808
GetBundleName()1809 std::string NetworkVpnService::GetBundleName()
1810 {
1811 std::string bundleName;
1812 auto samgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
1813 if (samgr == nullptr) {
1814 NETMGR_EXT_LOG_E("Get ability manager failed");
1815 return bundleName;
1816 }
1817
1818 sptr<IRemoteObject> object = samgr->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
1819 if (object == nullptr) {
1820 NETMGR_EXT_LOG_E("object is NULL.");
1821 return bundleName;
1822 }
1823 sptr<OHOS::AppExecFwk::IBundleMgr> bms = iface_cast<OHOS::AppExecFwk::IBundleMgr>(object);
1824 if (bms == nullptr) {
1825 NETMGR_EXT_LOG_E("bundle manager service is NULL.");
1826 return bundleName;
1827 }
1828
1829 int32_t uid = IPCSkeleton::GetCallingUid();
1830 auto result = bms->GetNameForUid(uid, bundleName);
1831 if (result != NETMANAGER_EXT_SUCCESS) {
1832 NETMGR_EXT_LOG_E("Error GetBundleNameForUid fail");
1833 return bundleName;
1834 }
1835 NETMGR_EXT_LOG_I("bundle name is [%{public}s], uid = [%{public}d]", bundleName.c_str(), uid);
1836
1837 AppExecFwk::BundleInfo bundleInfo;
1838 auto res = bms->GetBundleInfoV9(
1839 bundleName,
1840 static_cast<int32_t>(
1841 static_cast<uint32_t>(AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_HAP_MODULE) |
1842 static_cast<uint32_t>(AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_EXTENSION_ABILITY)),
1843 bundleInfo, uid / USER_ID_DIVIDOR);
1844 if (res != 0) {
1845 NETMGR_EXT_LOG_E("Error GetBundleInfoV9 %{public}d", res);
1846 }
1847 std::lock_guard<std::mutex> autoLock(vpnNameMutex_);
1848 for (const auto &hap : bundleInfo.hapModuleInfos) {
1849 for (const auto &ext : hap.extensionInfos) {
1850 if (ext.type == AppExecFwk::ExtensionAbilityType::VPN) {
1851 currentVpnAbilityName_.emplace_back(ext.name);
1852 }
1853 }
1854 }
1855
1856 return bundleName;
1857 }
1858
OnExtensionStateChanged(const AppExecFwk::AbilityStateData & abilityStateData)1859 void NetworkVpnService::VpnHapObserver::OnExtensionStateChanged(const AppExecFwk::AbilityStateData &abilityStateData)
1860 {
1861 NETMGR_EXT_LOG_I("VPN HAP is OnExtensionStateChanged");
1862 }
1863
OnProcessCreated(const AppExecFwk::ProcessData & processData)1864 void NetworkVpnService::VpnHapObserver::OnProcessCreated(const AppExecFwk::ProcessData &processData)
1865 {
1866 NETMGR_EXT_LOG_I("VPN HAP is OnProcessCreated");
1867 }
1868
OnProcessStateChanged(const AppExecFwk::ProcessData & processData)1869 void NetworkVpnService::VpnHapObserver::OnProcessStateChanged(const AppExecFwk::ProcessData &processData)
1870 {
1871 NETMGR_EXT_LOG_I("VPN HAP is OnProcessStateChanged");
1872 }
1873
GetCurrentVpnBundleName()1874 std::string NetworkVpnService::GetCurrentVpnBundleName()
1875 {
1876 return currentVpnBundleName_;
1877 }
1878
IsCurrentVpnPid(int32_t uid,int32_t pid)1879 bool NetworkVpnService::IsCurrentVpnPid(int32_t uid, int32_t pid)
1880 {
1881 auto it = setVpnPidMap_.find(uid);
1882 if (it != setVpnPidMap_.end() && it->second == pid) {
1883 return true;
1884 }
1885
1886 if (pid == currSetUpVpnPid_) {
1887 return true;
1888 }
1889 return false;
1890 }
1891
UnregVpnHpObserver()1892 void NetworkVpnService::UnregVpnHpObserver()
1893 {
1894 auto unRegRet =
1895 Singleton<AppExecFwk::AppMgrClient>::GetInstance().UnregisterApplicationStateObserver(vpnHapObserver_);
1896 NETMGR_EXT_LOG_I("UnregisterApplicationStateObserver ret = %{public}d", unRegRet);
1897 }
1898
GetCurrentVpnAbilityName()1899 std::vector<std::string> NetworkVpnService::GetCurrentVpnAbilityName()
1900 {
1901 std::lock_guard<std::mutex> autoLock(vpnNameMutex_);
1902 return currentVpnAbilityName_;
1903 }
1904
ClearCurrentVpnUserInfo()1905 void NetworkVpnService::ClearCurrentVpnUserInfo()
1906 {
1907 std::lock_guard<std::mutex> autoLock(vpnNameMutex_);
1908 currentVpnBundleName_ = "";
1909 currentVpnAbilityName_.clear();
1910 setVpnPidMap_.clear();
1911 currSetUpVpnPid_ = 0;
1912 }
1913
OnProcessDied(const AppExecFwk::ProcessData & processData)1914 void NetworkVpnService::VpnHapObserver::OnProcessDied(const AppExecFwk::ProcessData &processData)
1915 {
1916 std::unique_lock<std::mutex> locker(vpnService_.netVpnMutex_);
1917 auto extensionBundleName = vpnService_.GetCurrentVpnBundleName();
1918 auto extensionAbilityName = vpnService_.GetCurrentVpnAbilityName();
1919 NETMGR_EXT_LOG_I("vpn OnProcessDied %{public}d, %{public}d", processData.uid, processData.pid);
1920 if (!vpnService_.IsCurrentVpnPid(processData.uid, processData.pid)) {
1921 NETMGR_EXT_LOG_I("OnProcessDied not vpn uid and pid");
1922 return;
1923 }
1924 if ((vpnService_.vpnObj_ != nullptr) && (vpnService_.vpnObj_->Destroy() != NETMANAGER_EXT_SUCCESS)) {
1925 NETMGR_EXT_LOG_E("destroy vpn failed");
1926 }
1927 vpnService_.vpnObj_ = nullptr;
1928 for (const auto &name : extensionAbilityName) {
1929 AAFwk::Want want;
1930 AppExecFwk::ElementName elem;
1931 elem.SetBundleName(extensionBundleName);
1932 elem.SetAbilityName(name);
1933 want.SetElement(elem);
1934 auto res = AAFwk::AbilityManagerClient::GetInstance()->StopExtensionAbility(
1935 want, nullptr, AAFwk::DEFAULT_INVAL_VALUE, AppExecFwk::ExtensionAbilityType::VPN);
1936 NETMGR_EXT_LOG_I("VPN HAP is OnProcessDied StopExtensionAbility res= %{public}d", res);
1937 }
1938 vpnService_.UnregVpnHpObserver();
1939 vpnService_.ClearCurrentVpnUserInfo();
1940 #ifdef SUPPORT_SYSVPN
1941 vpnService_.DestroyMultiVpn(processData.uid);
1942 #endif // SUPPORT_SYSVPN
1943 }
1944
OnRemoteDied(const wptr<IRemoteObject> & remoteObject)1945 void NetworkVpnService::OnRemoteDied(const wptr<IRemoteObject> &remoteObject)
1946 {
1947 NETMGR_EXT_LOG_I("vpn OnRemoteDied");
1948 sptr<IRemoteObject> diedRemoted = remoteObject.promote();
1949 if (diedRemoted == nullptr) {
1950 NETMGR_EXT_LOG_E("diedRemoted is null");
1951 return;
1952 }
1953 sptr<IVpnEventCallback> callback = iface_cast<IVpnEventCallback>(diedRemoted);
1954 UnregisterVpnEvent(callback);
1955 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1956 #ifdef SUPPORT_SYSVPN
1957 if (vpnObj_ != nullptr && vpnObj_->IsSystemVpn()) {
1958 NETMGR_EXT_LOG_W("system vpn client died");
1959 return;
1960 }
1961 #endif // SUPPORT_SYSVPN
1962 if (vpnObj_ != nullptr && vpnObj_->Destroy() != NETMANAGER_EXT_SUCCESS) {
1963 NETMGR_EXT_LOG_E("destroy vpn is failed");
1964 return;
1965 }
1966 vpnObj_ = nullptr;
1967 }
1968
AddClientDeathRecipient(const sptr<IVpnEventCallback> & callback)1969 bool NetworkVpnService::AddClientDeathRecipient(const sptr<IVpnEventCallback> &callback)
1970 {
1971 NETMGR_EXT_LOG_I("vpn AddClientDeathRecipient");
1972 if (deathRecipient_ == nullptr) {
1973 deathRecipient_ = new (std::nothrow) VpnAppDeathRecipient(*this);
1974 }
1975 if (deathRecipient_ == nullptr) {
1976 NETMGR_EXT_LOG_E("deathRecipient is null");
1977 return false;
1978 }
1979 if (!callback->AsObject()->AddDeathRecipient(deathRecipient_)) {
1980 NETMGR_EXT_LOG_E("AddClientDeathRecipient failed");
1981 return false;
1982 }
1983 return true;
1984 }
1985
RemoveClientDeathRecipient(const sptr<IVpnEventCallback> & callback)1986 void NetworkVpnService::RemoveClientDeathRecipient(const sptr<IVpnEventCallback> &callback)
1987 {
1988 NETMGR_EXT_LOG_I("vpn RemoveClientDeathRecipient");
1989 if (deathRecipient_ == nullptr) {
1990 NETMGR_EXT_LOG_E("vpn deathRecipient_ is null");
1991 return;
1992 }
1993 callback->AsObject()->RemoveDeathRecipient(deathRecipient_);
1994 }
1995
RemoveALLClientDeathRecipient()1996 void NetworkVpnService::RemoveALLClientDeathRecipient()
1997 {
1998 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1999 for (auto &item : vpnEventCallbacks_) {
2000 item->AsObject()->RemoveDeathRecipient(deathRecipient_);
2001 }
2002 vpnEventCallbacks_.clear();
2003 deathRecipient_ = nullptr;
2004 }
2005 } // namespace NetManagerStandard
2006 } // namespace OHOS
2007